################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2026-06-18 10:19:31 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.39.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866756/; classtype:trojan-activity;sid:84729856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866754)"; flow:established,from_client; content:"GET"; http_method; content:"/lil"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866754/; classtype:trojan-activity;sid:84729854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866755)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.139.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866755/; classtype:trojan-activity;sid:84729855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.98.225.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866753/; classtype:trojan-activity;sid:84729853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866752/; classtype:trojan-activity;sid:84729852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.238.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866751/; classtype:trojan-activity;sid:84729851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.176.84.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866750/; classtype:trojan-activity;sid:84729850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866749)"; flow:established,from_client; content:"GET"; http_method; content:"/bebra.zip|3f|v=1781776309044|7c|26|7c|r=adrvod"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bebra-dev.pro"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866749/; classtype:trojan-activity;sid:84729849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866748)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domokitw.lol"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866748/; classtype:trojan-activity;sid:84729848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866743)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866743/; classtype:trojan-activity;sid:84729843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.107.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866742/; classtype:trojan-activity;sid:84729842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866737)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866737/; classtype:trojan-activity;sid:84729837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866738)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866738/; classtype:trojan-activity;sid:84729838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866739)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866739/; classtype:trojan-activity;sid:84729839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866740)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866740/; classtype:trojan-activity;sid:84729840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866741)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866741/; classtype:trojan-activity;sid:84729841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866733)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866733/; classtype:trojan-activity;sid:84729833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866734)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866734/; classtype:trojan-activity;sid:84729834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866735)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866735/; classtype:trojan-activity;sid:84729835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866736)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm8"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866736/; classtype:trojan-activity;sid:84729836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866730/; classtype:trojan-activity;sid:84729830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.161.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866729/; classtype:trojan-activity;sid:84729829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.161.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866728/; classtype:trojan-activity;sid:84729828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866723)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866723/; classtype:trojan-activity;sid:84729823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866724)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866724/; classtype:trojan-activity;sid:84729824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866725)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866725/; classtype:trojan-activity;sid:84729825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866726)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866726/; classtype:trojan-activity;sid:84729826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866727)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866727/; classtype:trojan-activity;sid:84729827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866719)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866719/; classtype:trojan-activity;sid:84729819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866720)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866720/; classtype:trojan-activity;sid:84729820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866721)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866721/; classtype:trojan-activity;sid:84729821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866722)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.161.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866722/; classtype:trojan-activity;sid:84729822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.160.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866718/; classtype:trojan-activity;sid:84729818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.160.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866717/; classtype:trojan-activity;sid:84729817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.113.51.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866716/; classtype:trojan-activity;sid:84729816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866714/; classtype:trojan-activity;sid:84729814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866713/; classtype:trojan-activity;sid:84729813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866711)"; flow:established,from_client; content:"GET"; http_method; content:"/load/werwte.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866711/; classtype:trojan-activity;sid:84729811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866712)"; flow:established,from_client; content:"GET"; http_method; content:"/load/iuyuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866712/; classtype:trojan-activity;sid:84729812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.110.15.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866708/; classtype:trojan-activity;sid:84729808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866707)"; flow:established,from_client; content:"GET"; http_method; content:"/thornflash3client.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866707/; classtype:trojan-activity;sid:84729807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.154.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866706/; classtype:trojan-activity;sid:84729806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.98.225.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866705/; classtype:trojan-activity;sid:84729805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866701)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.42.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866701/; classtype:trojan-activity;sid:84729801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866702)"; flow:established,from_client; content:"GET"; http_method; content:"/karm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"91.92.42.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866702/; classtype:trojan-activity;sid:84729802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866703)"; flow:established,from_client; content:"GET"; http_method; content:"/lul.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.42.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866703/; classtype:trojan-activity;sid:84729803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.10.155.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866704/; classtype:trojan-activity;sid:84729804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866700/; classtype:trojan-activity;sid:84729800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.107.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866698/; classtype:trojan-activity;sid:84729798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.17.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866697/; classtype:trojan-activity;sid:84729797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866696/; classtype:trojan-activity;sid:84729796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.113.51.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866695/; classtype:trojan-activity;sid:84729795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866694/; classtype:trojan-activity;sid:84729794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.28.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866693/; classtype:trojan-activity;sid:84729793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.166.134.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866692/; classtype:trojan-activity;sid:84729792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.50.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866691/; classtype:trojan-activity;sid:84729791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.154.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866690/; classtype:trojan-activity;sid:84729790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866689/; classtype:trojan-activity;sid:84729789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866688/; classtype:trojan-activity;sid:84729788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.50.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866687/; classtype:trojan-activity;sid:84729787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866686)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/0m8mxuh181ska4zxthp9f/de0039-029302-r-img0029002.iso|3f|rlkey=jri4w2xcq3y5kgve3ij6vu8b0|7c|26|7c|dl=1"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866686/; classtype:trojan-activity;sid:84729786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866685)"; flow:established,from_client; content:"GET"; http_method; content:"/j0yh-keux-j9id-2i7m/img_90oqpz.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866685/; classtype:trojan-activity;sid:84729785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.17.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866681/; classtype:trojan-activity;sid:84729781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.254.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866679/; classtype:trojan-activity;sid:84729779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.124.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866678/; classtype:trojan-activity;sid:84729778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.14.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866677/; classtype:trojan-activity;sid:84729777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.254.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866675/; classtype:trojan-activity;sid:84729775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866669)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.arm5_srv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866669/; classtype:trojan-activity;sid:84729769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866670)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.arm64_srv"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866670/; classtype:trojan-activity;sid:84729770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866671)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.ppc_srv"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866671/; classtype:trojan-activity;sid:84729771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866672)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.arm_srv"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866672/; classtype:trojan-activity;sid:84729772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866673)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.sh4_srv"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866673/; classtype:trojan-activity;sid:84729773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866663)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.x86_64_srv"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866663/; classtype:trojan-activity;sid:84729763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866664)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.mpsl_srv"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866664/; classtype:trojan-activity;sid:84729764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866661/; classtype:trojan-activity;sid:84729761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.14.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866658/; classtype:trojan-activity;sid:84729758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866657)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866657/; classtype:trojan-activity;sid:84729757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866655)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866655/; classtype:trojan-activity;sid:84729755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.86.251.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866656/; classtype:trojan-activity;sid:84729756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866650)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866650/; classtype:trojan-activity;sid:84729750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866651)"; flow:established,from_client; content:"GET"; http_method; content:"/womp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866651/; classtype:trojan-activity;sid:84729751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866652)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mips-uclibc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866652/; classtype:trojan-activity;sid:84729752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866653)"; flow:established,from_client; content:"GET"; http_method; content:"/data_powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866653/; classtype:trojan-activity;sid:84729753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866654)"; flow:established,from_client; content:"GET"; http_method; content:"/data_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866654/; classtype:trojan-activity;sid:84729754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866644)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mipsel-uclibc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866644/; classtype:trojan-activity;sid:84729744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866645)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866645/; classtype:trojan-activity;sid:84729745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866647)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866647/; classtype:trojan-activity;sid:84729747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866648)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866648/; classtype:trojan-activity;sid:84729748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866649)"; flow:established,from_client; content:"GET"; http_method; content:"/data_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"static.249.223.175.5.nextregister.eu"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866649/; classtype:trojan-activity;sid:84729749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866643)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm7"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866643/; classtype:trojan-activity;sid:84729743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.232.142.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866639/; classtype:trojan-activity;sid:84729739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866630)"; flow:established,from_client; content:"GET"; http_method; content:"/gh/vitiapig/lang-28/robot"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cdn.jsdelivr.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866630/; classtype:trojan-activity;sid:84729730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866631)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.m68k"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866631/; classtype:trojan-activity;sid:84729731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866623)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866623/; classtype:trojan-activity;sid:84729723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866625)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm5"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866625/; classtype:trojan-activity;sid:84729725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.65.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866626/; classtype:trojan-activity;sid:84729726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866615)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.spc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866615/; classtype:trojan-activity;sid:84729715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866616)"; flow:established,from_client; content:"GET"; http_method; content:"/hiroz3x.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866616/; classtype:trojan-activity;sid:84729716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866617)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.sh4"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866617/; classtype:trojan-activity;sid:84729717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866618)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.mips"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866618/; classtype:trojan-activity;sid:84729718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866620)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.ppc"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866620/; classtype:trojan-activity;sid:84729720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.72.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866610/; classtype:trojan-activity;sid:84729710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866611)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.x86"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866611/; classtype:trojan-activity;sid:84729711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866612)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.i686"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866612/; classtype:trojan-activity;sid:84729712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866613)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.mpsl"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866613/; classtype:trojan-activity;sid:84729713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866614)"; flow:established,from_client; content:"GET"; http_method; content:"/h0r0zx00xh0r0zx00xdefault/h0r0zx00x.arm6"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"185.193.67.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866614/; classtype:trojan-activity;sid:84729714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.235.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866589/; classtype:trojan-activity;sid:84729689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866590)"; flow:established,from_client; content:"GET"; http_method; content:"/data/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"hostphpwindowsnuevas.ydns.eu"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866590/; classtype:trojan-activity;sid:84729690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866580)"; flow:established,from_client; content:"GET"; http_method; content:"/ggldg/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866580/; classtype:trojan-activity;sid:84729680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866566)"; flow:established,from_client; content:"GET"; http_method; content:"/msi.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"archivoscrosoft.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866566/; classtype:trojan-activity;sid:84729666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866567)"; flow:established,from_client; content:"GET"; http_method; content:"/jxilw/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866567/; classtype:trojan-activity;sid:84729667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866569)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/optimized_msijune.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866569/; classtype:trojan-activity;sid:84729669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866557)"; flow:established,from_client; content:"GET"; http_method; content:"/yhcda/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866557/; classtype:trojan-activity;sid:84729657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866558)"; flow:established,from_client; content:"GET"; http_method; content:"/n64y-jvb2-wt8x-cri7/img_dbtvfp.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866558/; classtype:trojan-activity;sid:84729658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.226.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866551/; classtype:trojan-activity;sid:84729651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.250.51.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866552/; classtype:trojan-activity;sid:84729652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.235.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866543/; classtype:trojan-activity;sid:84729643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866524)"; flow:established,from_client; content:"GET"; http_method; content:"/soft.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"gaiadeqi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866524/; classtype:trojan-activity;sid:84729624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866525)"; flow:established,from_client; content:"GET"; http_method; content:"/bacup_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.152.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866525/; classtype:trojan-activity;sid:84729625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866523)"; flow:established,from_client; content:"GET"; http_method; content:"/upwork/odours.prx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"purmed.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866523/; classtype:trojan-activity;sid:84729623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866522/; classtype:trojan-activity;sid:84729622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.225.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866519/; classtype:trojan-activity;sid:84729619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866520)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"94.156.152.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866520/; classtype:trojan-activity;sid:84729620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866505)"; flow:established,from_client; content:"GET"; http_method; content:"/heromc.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866505/; classtype:trojan-activity;sid:84729605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866506)"; flow:established,from_client; content:"GET"; http_method; content:"/tranphuonglinh.sh"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866506/; classtype:trojan-activity;sid:84729606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866507)"; flow:established,from_client; content:"GET"; http_method; content:"/viet69.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866507/; classtype:trojan-activity;sid:84729607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866508)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866508/; classtype:trojan-activity;sid:84729608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866509)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866509/; classtype:trojan-activity;sid:84729609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866510)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866510/; classtype:trojan-activity;sid:84729610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866511)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866511/; classtype:trojan-activity;sid:84729611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866512)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866512/; classtype:trojan-activity;sid:84729612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866514)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866514/; classtype:trojan-activity;sid:84729614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866515)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866515/; classtype:trojan-activity;sid:84729615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866503)"; flow:established,from_client; content:"GET"; http_method; content:"/onie_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.226.250.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866503/; classtype:trojan-activity;sid:84729603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.233.94.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866502/; classtype:trojan-activity;sid:84729602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.201.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866501/; classtype:trojan-activity;sid:84729601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.86.251.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866500/; classtype:trojan-activity;sid:84729600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.20.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866498/; classtype:trojan-activity;sid:84729598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.79.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866487/; classtype:trojan-activity;sid:84729587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866485/; classtype:trojan-activity;sid:84729585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.242.14.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866473/; classtype:trojan-activity;sid:84729573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.116.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866471/; classtype:trojan-activity;sid:84729571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.242.14.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866470/; classtype:trojan-activity;sid:84729570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.10.155.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866469/; classtype:trojan-activity;sid:84729569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.10.155.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866468/; classtype:trojan-activity;sid:84729568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.155.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866465/; classtype:trojan-activity;sid:84729565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866464/; classtype:trojan-activity;sid:84729564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866463/; classtype:trojan-activity;sid:84729563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.124.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866461/; classtype:trojan-activity;sid:84729561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.155.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866460/; classtype:trojan-activity;sid:84729560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866457/; classtype:trojan-activity;sid:84729557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.8.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866454/; classtype:trojan-activity;sid:84729554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.199.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866453/; classtype:trojan-activity;sid:84729553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866452/; classtype:trojan-activity;sid:84729552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.199.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866450/; classtype:trojan-activity;sid:84729550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.173.56.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866449/; classtype:trojan-activity;sid:84729549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866446/; classtype:trojan-activity;sid:84729546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.251.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866444/; classtype:trojan-activity;sid:84729544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.100.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866440/; classtype:trojan-activity;sid:84729540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.184.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866438/; classtype:trojan-activity;sid:84729538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.107.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866436/; classtype:trojan-activity;sid:84729536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866435/; classtype:trojan-activity;sid:84729535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.242.28.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866433/; classtype:trojan-activity;sid:84729533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.107.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866430/; classtype:trojan-activity;sid:84729530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.131.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866428/; classtype:trojan-activity;sid:84729528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866427/; classtype:trojan-activity;sid:84729527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.127.251.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866426/; classtype:trojan-activity;sid:84729526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.120.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866425/; classtype:trojan-activity;sid:84729525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.189.232.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866424/; classtype:trojan-activity;sid:84729524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.189.232.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866420/; classtype:trojan-activity;sid:84729520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.51.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866417/; classtype:trojan-activity;sid:84729517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.123.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866416/; classtype:trojan-activity;sid:84729516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.12.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_18; reference:url, urlhaus.abuse.ch/url/3866414/; classtype:trojan-activity;sid:84729514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.14.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866409/; classtype:trojan-activity;sid:84729509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.104.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866408/; classtype:trojan-activity;sid:84729508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.14.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866407/; classtype:trojan-activity;sid:84729507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866406)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b3ec35af-9290-4f4a-9c05-7d0ed0e5d779"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"p57bz239.gorgbetkade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866406/; classtype:trojan-activity;sid:84729506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.250.51.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866405/; classtype:trojan-activity;sid:84729505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.15.242.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866404/; classtype:trojan-activity;sid:84729504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866403/; classtype:trojan-activity;sid:84729503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.250.51.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866402/; classtype:trojan-activity;sid:84729502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.206.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866401/; classtype:trojan-activity;sid:84729501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866400/; classtype:trojan-activity;sid:84729500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.15.242.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866399/; classtype:trojan-activity;sid:84729499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.196.29.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866398/; classtype:trojan-activity;sid:84729498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866397/; classtype:trojan-activity;sid:84729497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866396/; classtype:trojan-activity;sid:84729496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866395/; classtype:trojan-activity;sid:84729495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.83.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866394/; classtype:trojan-activity;sid:84729494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866393/; classtype:trojan-activity;sid:84729493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.102.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866392/; classtype:trojan-activity;sid:84729492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.83.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866391/; classtype:trojan-activity;sid:84729491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.90.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866390/; classtype:trojan-activity;sid:84729490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866389)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=238927cf-27b8-4b24-b82e-5ed0222fdade"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"h0cbv92p.golfbetkade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866389/; classtype:trojan-activity;sid:84729489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.20.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866388/; classtype:trojan-activity;sid:84729488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.236.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866387/; classtype:trojan-activity;sid:84729487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.236.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866386/; classtype:trojan-activity;sid:84729486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.166.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866385/; classtype:trojan-activity;sid:84729485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866384)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6f4c3559-b657-4844-ba58-a18fd58c2a98"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"n30b0xx5.megaparikade.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866384/; classtype:trojan-activity;sid:84729484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866383/; classtype:trojan-activity;sid:84729483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866382)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866382/; classtype:trojan-activity;sid:84729482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866381/; classtype:trojan-activity;sid:84729481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866380)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=39d78721-7bb0-4538-ac2e-93420490df7e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"h2vkq89b.angizeshfarahani.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866380/; classtype:trojan-activity;sid:84729480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866379)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=74aac300-d1f2-489e-b4f0-b0d37c75b09a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bbztdp6a.akhbarsport.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866379/; classtype:trojan-activity;sid:84729479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.166.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866378/; classtype:trojan-activity;sid:84729478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866377/; classtype:trojan-activity;sid:84729477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866376/; classtype:trojan-activity;sid:84729476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866375)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e8c98881-fd1f-4101-a0b6-6bac53f2aa03"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"p4h5mnln.fazbetkade.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866375/; classtype:trojan-activity;sid:84729475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.105.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866374/; classtype:trojan-activity;sid:84729474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866369)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866369/; classtype:trojan-activity;sid:84729469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866370)"; flow:established,from_client; content:"GET"; http_method; content:"/aul"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866370/; classtype:trojan-activity;sid:84729470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866371)"; flow:established,from_client; content:"GET"; http_method; content:"/ogt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866371/; classtype:trojan-activity;sid:84729471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866372)"; flow:established,from_client; content:"GET"; http_method; content:"/wbj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866372/; classtype:trojan-activity;sid:84729472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866373)"; flow:established,from_client; content:"GET"; http_method; content:"/jfc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866373/; classtype:trojan-activity;sid:84729473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.87.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866368/; classtype:trojan-activity;sid:84729468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.105.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866367/; classtype:trojan-activity;sid:84729467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866366)"; flow:established,from_client; content:"GET"; http_method; content:"/zkr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866366/; classtype:trojan-activity;sid:84729466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866363)"; flow:established,from_client; content:"GET"; http_method; content:"/hss3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866363/; classtype:trojan-activity;sid:84729463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866364)"; flow:established,from_client; content:"GET"; http_method; content:"/dtf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866364/; classtype:trojan-activity;sid:84729464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866365)"; flow:established,from_client; content:"GET"; http_method; content:"/ab1h"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"129.121.114.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866365/; classtype:trojan-activity;sid:84729465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866362/; classtype:trojan-activity;sid:84729462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866361/; classtype:trojan-activity;sid:84729461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866360/; classtype:trojan-activity;sid:84729460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866359)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=64c9da85-2ede-4432-9eaa-83553b084903"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1ycpksxw.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866359/; classtype:trojan-activity;sid:84729459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866358/; classtype:trojan-activity;sid:84729458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866357/; classtype:trojan-activity;sid:84729457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866356/; classtype:trojan-activity;sid:84729456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866354)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.73.162.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866354/; classtype:trojan-activity;sid:84729454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866355)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.73.162.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866355/; classtype:trojan-activity;sid:84729455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866353)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866353/; classtype:trojan-activity;sid:84729453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.87.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866352/; classtype:trojan-activity;sid:84729452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866351)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e3232276-5463-4435-8523-3537efac99ab"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"j7n7i2dx.enfej.win"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866351/; classtype:trojan-activity;sid:84729451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.91.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866350/; classtype:trojan-activity;sid:84729450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"5.8.18.62"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866349/; classtype:trojan-activity;sid:84729449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.8.18.62"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866348/; classtype:trojan-activity;sid:84729448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.169.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866347/; classtype:trojan-activity;sid:84729447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866346)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"67.220.73.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866346/; classtype:trojan-activity;sid:84729446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866345)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.226.124.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866345/; classtype:trojan-activity;sid:84729445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.60.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866344/; classtype:trojan-activity;sid:84729444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.214.149.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866343/; classtype:trojan-activity;sid:84729443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866342/; classtype:trojan-activity;sid:84729442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.91.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866341/; classtype:trojan-activity;sid:84729441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.92.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866340/; classtype:trojan-activity;sid:84729440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866339)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=382b9b61-cd89-4b7d-a5c7-c5c43ba119fc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zt67g44l.ahkam.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866339/; classtype:trojan-activity;sid:84729439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866338)"; flow:established,from_client; content:"GET"; http_method; content:"/35/bestwishesforbestideascomingformebetter.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.168.70.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866338/; classtype:trojan-activity;sid:84729438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866337)"; flow:established,from_client; content:"GET"; http_method; content:"/suelarweek.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866337/; classtype:trojan-activity;sid:84729437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866333)"; flow:established,from_client; content:"GET"; http_method; content:"/vitiapig/11f027bd-2c86-4b00-bf82-f21228d2f096/refs/heads/main/scr"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866333/; classtype:trojan-activity;sid:84729433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866334)"; flow:established,from_client; content:"GET"; http_method; content:"/5ef443ad-1d5b-4172-8c90-2e7439c9bda5/pf.ch"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"epgggtee.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866334/; classtype:trojan-activity;sid:84729434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866335)"; flow:established,from_client; content:"GET"; http_method; content:"/52ba152a-5d46-4906-af2c-13ffd80a76bb/we.ch"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"host.zaminshenasi.shop"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866335/; classtype:trojan-activity;sid:84729435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866336)"; flow:established,from_client; content:"GET"; http_method; content:"/vitiapig/api-bd7dff3f-84b7-4bbb-a8e1-7be98555d879/refs/heads/main/threat"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866336/; classtype:trojan-activity;sid:84729436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866332)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjfr7eubgod_jwbjcdoiu_udkor_undy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866332/; classtype:trojan-activity;sid:84729432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866331)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jjmj9e7at1kw7ejqelx-abyb2095jsve"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866331/; classtype:trojan-activity;sid:84729431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866330)"; flow:established,from_client; content:"GET"; http_method; content:"/stego_payload1.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"semencepourlavie.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866330/; classtype:trojan-activity;sid:84729430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866329)"; flow:established,from_client; content:"GET"; http_method; content:"/wtfueaikzcgpasnybyogk74.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866329/; classtype:trojan-activity;sid:84729429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866328)"; flow:established,from_client; content:"GET"; http_method; content:"/soffymot.fla"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866328/; classtype:trojan-activity;sid:84729428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866327/; classtype:trojan-activity;sid:84729427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866326)"; flow:established,from_client; content:"GET"; http_method; content:"/img/1.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866326/; classtype:trojan-activity;sid:84729426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.101.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866325/; classtype:trojan-activity;sid:84729425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866323)"; flow:established,from_client; content:"GET"; http_method; content:"/1/hnjdmhc.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"216.9.224.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866323/; classtype:trojan-activity;sid:84729423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.162.36.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866324/; classtype:trojan-activity;sid:84729424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866322)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/prestige-1.21.jar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"prestige-mc.lovable.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866322/; classtype:trojan-activity;sid:84729422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866319)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"109.104.153.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866319/; classtype:trojan-activity;sid:84729419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866320)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_4478bd6aec9ae601.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866320/; classtype:trojan-activity;sid:84729420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866321)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_d8ac19371aa6c0b2.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866321/; classtype:trojan-activity;sid:84729421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866317)"; flow:established,from_client; content:"GET"; http_method; content:"/beta/voltrix.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"voltrix.lol"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866317/; classtype:trojan-activity;sid:84729417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.155.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866318/; classtype:trojan-activity;sid:84729418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866316)"; flow:established,from_client; content:"GET"; http_method; content:"/eaevuhuj/1.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"payables-deposit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866316/; classtype:trojan-activity;sid:84729416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866314)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_83ad5a7d1356ac7e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866314/; classtype:trojan-activity;sid:84729414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866315)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_63fd82abe8bb1c1a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866315/; classtype:trojan-activity;sid:84729415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866313/; classtype:trojan-activity;sid:84729413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.187.101.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866312/; classtype:trojan-activity;sid:84729412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.38.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866311/; classtype:trojan-activity;sid:84729411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.123.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866310/; classtype:trojan-activity;sid:84729410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.84.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866309/; classtype:trojan-activity;sid:84729409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.84.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866308/; classtype:trojan-activity;sid:84729408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.60.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866307/; classtype:trojan-activity;sid:84729407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.90.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866306/; classtype:trojan-activity;sid:84729406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866305/; classtype:trojan-activity;sid:84729405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.69.200.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866304/; classtype:trojan-activity;sid:84729404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.36.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866303/; classtype:trojan-activity;sid:84729403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866302)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f9b7e304-aa30-437d-97c2-7ea59c4e0c08"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"429jq7cf.ravanshenasi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866302/; classtype:trojan-activity;sid:84729402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866301)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3c4c17ce-4ba1-4af9-870b-60e8c6a80dfd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"s5kubntg.enfejkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866301/; classtype:trojan-activity;sid:84729401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.105.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866300/; classtype:trojan-activity;sid:84729400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866299)"; flow:established,from_client; content:"GET"; http_method; content:"/92/img_054606.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866299/; classtype:trojan-activity;sid:84729399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.38.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866298/; classtype:trojan-activity;sid:84729398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.36.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866297/; classtype:trojan-activity;sid:84729397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.105.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866296/; classtype:trojan-activity;sid:84729396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866295)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=27d6a1e2-0639-4792-b167-3400a29adbac"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"c9w3m5jq.usoleamoozesh.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866295/; classtype:trojan-activity;sid:84729395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.7.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866294/; classtype:trojan-activity;sid:84729394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.7.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866293/; classtype:trojan-activity;sid:84729393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.0.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866292/; classtype:trojan-activity;sid:84729392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.225.189.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866291/; classtype:trojan-activity;sid:84729391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866290)"; flow:established,from_client; content:"GET"; http_method; content:"/ec51e19c-5592-4e8b-a2a3-ec2e651c02a3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bqmrthe.bankefiile.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866290/; classtype:trojan-activity;sid:84729390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866289)"; flow:established,from_client; content:"GET"; http_method; content:"/6da998d5-6e13-4c29-bc1a-b5098960f9e6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bvsfuyvu.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866289/; classtype:trojan-activity;sid:84729389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.225.189.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866288/; classtype:trojan-activity;sid:84729388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866287)"; flow:established,from_client; content:"GET"; http_method; content:"/d1616c6f-858f-4cc0-8f35-38379352b3df"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ugygn.shartmag.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866287/; classtype:trojan-activity;sid:84729387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866286/; classtype:trojan-activity;sid:84729386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.170.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866285/; classtype:trojan-activity;sid:84729385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.156.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866284/; classtype:trojan-activity;sid:84729384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866283)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=594cffaa-9b60-4d3a-a49c-6f209794d577"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"uwso33yr.riyazinikokar.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866283/; classtype:trojan-activity;sid:84729383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866282)"; flow:established,from_client; content:"GET"; http_method; content:"/d44189ed-c138-4551-90a7-065fc817d993"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cjbbdtba.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866282/; classtype:trojan-activity;sid:84729382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.45.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866281/; classtype:trojan-activity;sid:84729381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866280/; classtype:trojan-activity;sid:84729380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.237.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866278/; classtype:trojan-activity;sid:84729378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.45.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866279/; classtype:trojan-activity;sid:84729379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.238.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866277/; classtype:trojan-activity;sid:84729377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.170.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866276/; classtype:trojan-activity;sid:84729376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866275)"; flow:established,from_client; content:"GET"; http_method; content:"/27cf5719-9c1a-43bc-ad79-cf99ff63d5d4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vprhcxyu.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866275/; classtype:trojan-activity;sid:84729375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.118.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866274/; classtype:trojan-activity;sid:84729374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.167.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866273/; classtype:trojan-activity;sid:84729373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866272)"; flow:established,from_client; content:"GET"; http_method; content:"/0c09af33-a857-4324-8242-a0b29d0c5940"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qgkzqew.azmoonzare.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866272/; classtype:trojan-activity;sid:84729372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866271)"; flow:established,from_client; content:"GET"; http_method; content:"/5d025454-aaa1-4694-8e70-d0c2546a6188"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zyiirlrr.tarikhravannovin.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866271/; classtype:trojan-activity;sid:84729371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.87.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866270/; classtype:trojan-activity;sid:84729370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.167.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866269/; classtype:trojan-activity;sid:84729369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866268/; classtype:trojan-activity;sid:84729368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866267)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=987db032-119f-4333-8d00-3c1c41c4efd6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nc45aae1.tractor11.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866267/; classtype:trojan-activity;sid:84729367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866266)"; flow:established,from_client; content:"GET"; http_method; content:"/a7d484fb-340b-4356-a80e-020d0e5b78be"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ysulmnsc.sanjeshravani.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866266/; classtype:trojan-activity;sid:84729366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.31.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866265/; classtype:trojan-activity;sid:84729365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866264/; classtype:trojan-activity;sid:84729364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866263/; classtype:trojan-activity;sid:84729363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866262)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d907e2df-b265-45c5-8d06-6cf9edf2bb94"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1z2x5bu4.modiriyatnikbakht.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866262/; classtype:trojan-activity;sid:84729362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.63.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866261/; classtype:trojan-activity;sid:84729361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866260)"; flow:established,from_client; content:"GET"; http_method; content:"/b3dca007-3ee3-458e-8c10-476918b8a0c8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jwouoops.sakhtemandade.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866260/; classtype:trojan-activity;sid:84729360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.63.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866259/; classtype:trojan-activity;sid:84729359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.31.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866258/; classtype:trojan-activity;sid:84729358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.157.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866257/; classtype:trojan-activity;sid:84729357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866256/; classtype:trojan-activity;sid:84729356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.221.79.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866255/; classtype:trojan-activity;sid:84729355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.157.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866254/; classtype:trojan-activity;sid:84729354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.221.79.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866253/; classtype:trojan-activity;sid:84729353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.225.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866252/; classtype:trojan-activity;sid:84729352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.225.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866251/; classtype:trojan-activity;sid:84729351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866250)"; flow:established,from_client; content:"GET"; http_method; content:"/189f2bc8-128c-435a-b6d7-2cf9fc473141"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wwocqmw.motorbook.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866250/; classtype:trojan-activity;sid:84729350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866248)"; flow:established,from_client; content:"GET"; http_method; content:"/cf8daa18-1a3f-4c08-86a0-1d6c3949ace9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pvxvwrfu.sadreislam.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866248/; classtype:trojan-activity;sid:84729348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866249)"; flow:established,from_client; content:"GET"; http_method; content:"/a98cc107-c233-4f25-86ce-6ea557d44131"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hzvho.shartbandifootballkade.online"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866249/; classtype:trojan-activity;sid:84729349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.239.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866247/; classtype:trojan-activity;sid:84729347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866246)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b5d03285-0a24-47e8-addd-9a9cd0a30c2a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ym88gu70.nazariyeyadgiri.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866246/; classtype:trojan-activity;sid:84729346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.239.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866245/; classtype:trojan-activity;sid:84729345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.7.87"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866244/; classtype:trojan-activity;sid:84729344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866243)"; flow:established,from_client; content:"GET"; http_method; content:"/81/img_085818.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866243/; classtype:trojan-activity;sid:84729343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866241)"; flow:established,from_client; content:"GET"; http_method; content:"/vxtewp"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lemon-kutt.lemon.cchan.tv"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866241/; classtype:trojan-activity;sid:84729341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866242)"; flow:established,from_client; content:"GET"; http_method; content:"/wuswb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866242/; classtype:trojan-activity;sid:84729342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866240)"; flow:established,from_client; content:"GET"; http_method; content:"/yeqafn"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cuth.me"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866240/; classtype:trojan-activity;sid:84729340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866234)"; flow:established,from_client; content:"GET"; http_method; content:"/httpsexpertinsights.comdata-security-and-privacytop-secure-file-sharing-storage-services-need.php"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866234/; classtype:trojan-activity;sid:84729334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866235)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.digitaltrends.comcomputingai-browsers-are-here-and-you-need-to-learn-how-to-use-the-web-properly.php"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866235/; classtype:trojan-activity;sid:84729335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866236)"; flow:established,from_client; content:"GET"; http_method; content:"/81/kingsibacktoruletheworld.hta"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866236/; classtype:trojan-activity;sid:84729336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866237)"; flow:established,from_client; content:"GET"; http_method; content:"/301/weneedbetterplacewithbestfeature.hta"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866237/; classtype:trojan-activity;sid:84729337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866238)"; flow:established,from_client; content:"GET"; http_method; content:"/301/img_044239.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866238/; classtype:trojan-activity;sid:84729338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866239)"; flow:established,from_client; content:"GET"; http_method; content:"/eugfh3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"masuk.to"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866239/; classtype:trojan-activity;sid:84729339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866233)"; flow:established,from_client; content:"GET"; http_method; content:"/yhcda"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866233/; classtype:trojan-activity;sid:84729333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866225)"; flow:established,from_client; content:"GET"; http_method; content:"/dopkb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866225/; classtype:trojan-activity;sid:84729325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866226)"; flow:established,from_client; content:"GET"; http_method; content:"/pijol"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866226/; classtype:trojan-activity;sid:84729326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866227)"; flow:established,from_client; content:"GET"; http_method; content:"/ggldg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866227/; classtype:trojan-activity;sid:84729327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866228)"; flow:established,from_client; content:"GET"; http_method; content:"/eapfp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866228/; classtype:trojan-activity;sid:84729328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866229)"; flow:established,from_client; content:"GET"; http_method; content:"/etivi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866229/; classtype:trojan-activity;sid:84729329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866230)"; flow:established,from_client; content:"GET"; http_method; content:"/nkgaa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866230/; classtype:trojan-activity;sid:84729330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866231)"; flow:established,from_client; content:"GET"; http_method; content:"/kugef"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866231/; classtype:trojan-activity;sid:84729331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866232)"; flow:established,from_client; content:"GET"; http_method; content:"/ulucj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866232/; classtype:trojan-activity;sid:84729332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866221)"; flow:established,from_client; content:"GET"; http_method; content:"/ekkrr"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866221/; classtype:trojan-activity;sid:84729321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866222)"; flow:established,from_client; content:"GET"; http_method; content:"/bvxma"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866222/; classtype:trojan-activity;sid:84729322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866223)"; flow:established,from_client; content:"GET"; http_method; content:"/wixpl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866223/; classtype:trojan-activity;sid:84729323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866224)"; flow:established,from_client; content:"GET"; http_method; content:"/slive.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-ce54f1982e42425c94a1dd345decfbb9.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866224/; classtype:trojan-activity;sid:84729324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866220)"; flow:established,from_client; content:"GET"; http_method; content:"/vplaqn.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-14b7818eeed2473fb453a2385620ceb9.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866220/; classtype:trojan-activity;sid:84729320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866218)"; flow:established,from_client; content:"GET"; http_method; content:"/jxilw"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866218/; classtype:trojan-activity;sid:84729318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866219)"; flow:established,from_client; content:"GET"; http_method; content:"/vzjbj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866219/; classtype:trojan-activity;sid:84729319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866214)"; flow:established,from_client; content:"GET"; http_method; content:"/vemrp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866214/; classtype:trojan-activity;sid:84729314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866215)"; flow:established,from_client; content:"GET"; http_method; content:"/ncaey"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866215/; classtype:trojan-activity;sid:84729315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866216)"; flow:established,from_client; content:"GET"; http_method; content:"/vyvzu"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866216/; classtype:trojan-activity;sid:84729316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866217)"; flow:established,from_client; content:"GET"; http_method; content:"/new/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"acmgrupo.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866217/; classtype:trojan-activity;sid:84729317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866207)"; flow:established,from_client; content:"GET"; http_method; content:"/6ns9-9zty-n247-ux3j/img_wp6sn7.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866207/; classtype:trojan-activity;sid:84729307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866208)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_x231jh.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866208/; classtype:trojan-activity;sid:84729308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866209)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ugjg0s"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"as.al"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866209/; classtype:trojan-activity;sid:84729309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866210)"; flow:established,from_client; content:"GET"; http_method; content:"/egycw"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866210/; classtype:trojan-activity;sid:84729310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866211)"; flow:established,from_client; content:"GET"; http_method; content:"/anwad"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866211/; classtype:trojan-activity;sid:84729311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866212)"; flow:established,from_client; content:"GET"; http_method; content:"/yxybf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866212/; classtype:trojan-activity;sid:84729312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866213)"; flow:established,from_client; content:"GET"; http_method; content:"/yxgqj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866213/; classtype:trojan-activity;sid:84729313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866206)"; flow:established,from_client; content:"GET"; http_method; content:"/nyeql"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866206/; classtype:trojan-activity;sid:84729306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866205)"; flow:established,from_client; content:"GET"; http_method; content:"/bhh545578-lab/asasasas/refs/heads/main/kalel123.png"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866205/; classtype:trojan-activity;sid:84729305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866203)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_id20y0.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866203/; classtype:trojan-activity;sid:84729303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866204)"; flow:established,from_client; content:"GET"; http_method; content:"/jungle.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"filesco.lovestoblog.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866204/; classtype:trojan-activity;sid:84729304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866202)"; flow:established,from_client; content:"GET"; http_method; content:"/file/azkztt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"as.al"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866202/; classtype:trojan-activity;sid:84729302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866201)"; flow:established,from_client; content:"GET"; http_method; content:"/public/2026-06-03/f2760afb-0bc2-4ad4-9a54-c3a9079de4ff/7896789678jkljmnijnm.png"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"d7.tfdl.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866201/; classtype:trojan-activity;sid:84729301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866199)"; flow:established,from_client; content:"GET"; http_method; content:"/common/caches/optimized.png"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"kpmmg.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866199/; classtype:trojan-activity;sid:84729299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866200)"; flow:established,from_client; content:"GET"; http_method; content:"/public/2026-06-03/f2760afb-0bc2-4ad4-9a54-c3a9079de4ff/7896789678jkljmnijnm.png"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"d7.tfdl.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866200/; classtype:trojan-activity;sid:84729300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866198)"; flow:established,from_client; content:"GET"; http_method; content:"/f7867ebc-0feb-4857-8a84-46f85540c05a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bchvsotq.questionsmotor.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866198/; classtype:trojan-activity;sid:84729298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866197)"; flow:established,from_client; content:"GET"; http_method; content:"/8fcd7bde-bdbc-4758-bd07-758eee56888d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"brsppaxh.psgnewsiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866197/; classtype:trojan-activity;sid:84729297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.223.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866196/; classtype:trojan-activity;sid:84729296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866195)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cb0ac5a3-510f-4f2a-877f-be287da5ff0b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9y6ugqql.zabanenglishanari.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866195/; classtype:trojan-activity;sid:84729295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866194)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"powershell-storage.vg"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866194/; classtype:trojan-activity;sid:84729294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866193/; classtype:trojan-activity;sid:84729293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866192/; classtype:trojan-activity;sid:84729292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866191)"; flow:established,from_client; content:"GET"; http_method; content:"/4414c4c6-b5b9-4919-b252-65dc2d132daf"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"okuiwrsf.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866191/; classtype:trojan-activity;sid:84729291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866190)"; flow:established,from_client; content:"GET"; http_method; content:"/bd92e7bb-088d-4b15-8863-4f2aa46e4dc1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hxelbvz.moshavereravan.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866190/; classtype:trojan-activity;sid:84729290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866189)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f4cd3e5e-18c2-44b0-a114-b912960c0933"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"iayeu5kp.testranandegi.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866189/; classtype:trojan-activity;sid:84729289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.214.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866188/; classtype:trojan-activity;sid:84729288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866187)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6c05a5217493f0e7.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866187/; classtype:trojan-activity;sid:84729287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866186)"; flow:established,from_client; content:"GET"; http_method; content:"/dbba1493-fee8-491e-9841-fb8e8272ab33"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zffeyivj.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866186/; classtype:trojan-activity;sid:84729286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.94.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866185/; classtype:trojan-activity;sid:84729285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866184/; classtype:trojan-activity;sid:84729284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866183)"; flow:established,from_client; content:"GET"; http_method; content:"/load/kythy.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866183/; classtype:trojan-activity;sid:84729283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866178)"; flow:established,from_client; content:"GET"; http_method; content:"/load/jhgkuyyg.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866178/; classtype:trojan-activity;sid:84729278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866179)"; flow:established,from_client; content:"GET"; http_method; content:"/load/hnmh.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866179/; classtype:trojan-activity;sid:84729279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866180)"; flow:established,from_client; content:"GET"; http_method; content:"/load/iuyuh.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866180/; classtype:trojan-activity;sid:84729280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866181)"; flow:established,from_client; content:"GET"; http_method; content:"/load/hjbk.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866181/; classtype:trojan-activity;sid:84729281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866182)"; flow:established,from_client; content:"GET"; http_method; content:"/load/bjbh.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866182/; classtype:trojan-activity;sid:84729282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866176)"; flow:established,from_client; content:"GET"; http_method; content:"/load/werwte.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866176/; classtype:trojan-activity;sid:84729276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866177)"; flow:established,from_client; content:"GET"; http_method; content:"/load/ojujn.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866177/; classtype:trojan-activity;sid:84729277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866175)"; flow:established,from_client; content:"GET"; http_method; content:"/load/kliulij.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866175/; classtype:trojan-activity;sid:84729275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866174)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/t5.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866174/; classtype:trojan-activity;sid:84729274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866172)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/kugdq.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866172/; classtype:trojan-activity;sid:84729272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866173)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/greatcherry.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866173/; classtype:trojan-activity;sid:84729273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866170)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/u1.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866170/; classtype:trojan-activity;sid:84729270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866171)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/crz.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866171/; classtype:trojan-activity;sid:84729271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866168)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/cry.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866168/; classtype:trojan-activity;sid:84729268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866169)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/qwe.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866169/; classtype:trojan-activity;sid:84729269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866167)"; flow:established,from_client; content:"GET"; http_method; content:"/load/os1/beb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dfgjhkllkhuuk.info"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866167/; classtype:trojan-activity;sid:84729267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866166)"; flow:established,from_client; content:"GET"; http_method; content:"/701b2e4d-52e7-430f-a821-038fd55563ec"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"useeuclu.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866166/; classtype:trojan-activity;sid:84729266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866157)"; flow:established,from_client; content:"GET"; http_method; content:"/bc5646"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866157/; classtype:trojan-activity;sid:84729257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866158)"; flow:established,from_client; content:"GET"; http_method; content:"/f77596"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866158/; classtype:trojan-activity;sid:84729258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866159)"; flow:established,from_client; content:"GET"; http_method; content:"/057349"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866159/; classtype:trojan-activity;sid:84729259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866160)"; flow:established,from_client; content:"GET"; http_method; content:"/62ae5d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866160/; classtype:trojan-activity;sid:84729260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866161)"; flow:established,from_client; content:"GET"; http_method; content:"/402e0d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866161/; classtype:trojan-activity;sid:84729261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866162)"; flow:established,from_client; content:"GET"; http_method; content:"/f96ad3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866162/; classtype:trojan-activity;sid:84729262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866163)"; flow:established,from_client; content:"GET"; http_method; content:"/76a86d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866163/; classtype:trojan-activity;sid:84729263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866164)"; flow:established,from_client; content:"GET"; http_method; content:"/dded6f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866164/; classtype:trojan-activity;sid:84729264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866165)"; flow:established,from_client; content:"GET"; http_method; content:"/c57301"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866165/; classtype:trojan-activity;sid:84729265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866156)"; flow:established,from_client; content:"GET"; http_method; content:"/4aa3e0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866156/; classtype:trojan-activity;sid:84729256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866155)"; flow:established,from_client; content:"GET"; http_method; content:"/dbf80d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866155/; classtype:trojan-activity;sid:84729255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866136)"; flow:established,from_client; content:"GET"; http_method; content:"/e78f55"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866136/; classtype:trojan-activity;sid:84729236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866137)"; flow:established,from_client; content:"GET"; http_method; content:"/893d1b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866137/; classtype:trojan-activity;sid:84729237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866138)"; flow:established,from_client; content:"GET"; http_method; content:"/492c83"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866138/; classtype:trojan-activity;sid:84729238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866139)"; flow:established,from_client; content:"GET"; http_method; content:"/af9940"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866139/; classtype:trojan-activity;sid:84729239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866140)"; flow:established,from_client; content:"GET"; http_method; content:"/1e5164"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866140/; classtype:trojan-activity;sid:84729240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866141)"; flow:established,from_client; content:"GET"; http_method; content:"/bd448f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866141/; classtype:trojan-activity;sid:84729241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866142)"; flow:established,from_client; content:"GET"; http_method; content:"/0b9e47"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866142/; classtype:trojan-activity;sid:84729242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866143)"; flow:established,from_client; content:"GET"; http_method; content:"/5c77b8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866143/; classtype:trojan-activity;sid:84729243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866144)"; flow:established,from_client; content:"GET"; http_method; content:"/e0ad76"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866144/; classtype:trojan-activity;sid:84729244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866145)"; flow:established,from_client; content:"GET"; http_method; content:"/3a1cb2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866145/; classtype:trojan-activity;sid:84729245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866146)"; flow:established,from_client; content:"GET"; http_method; content:"/7d81c1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866146/; classtype:trojan-activity;sid:84729246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866147)"; flow:established,from_client; content:"GET"; http_method; content:"/e33912"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866147/; classtype:trojan-activity;sid:84729247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866148)"; flow:established,from_client; content:"GET"; http_method; content:"/c8a68a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866148/; classtype:trojan-activity;sid:84729248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866149)"; flow:established,from_client; content:"GET"; http_method; content:"/ccecea"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866149/; classtype:trojan-activity;sid:84729249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866150)"; flow:established,from_client; content:"GET"; http_method; content:"/ea3ced"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866150/; classtype:trojan-activity;sid:84729250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866151)"; flow:established,from_client; content:"GET"; http_method; content:"/ad0585"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866151/; classtype:trojan-activity;sid:84729251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866152)"; flow:established,from_client; content:"GET"; http_method; content:"/a09043"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866152/; classtype:trojan-activity;sid:84729252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866153)"; flow:established,from_client; content:"GET"; http_method; content:"/58f304"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866153/; classtype:trojan-activity;sid:84729253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866154)"; flow:established,from_client; content:"GET"; http_method; content:"/bae5fa"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866154/; classtype:trojan-activity;sid:84729254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866129)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866129/; classtype:trojan-activity;sid:84729229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866130)"; flow:established,from_client; content:"GET"; http_method; content:"/c3a0e5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866130/; classtype:trojan-activity;sid:84729230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866131)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866131/; classtype:trojan-activity;sid:84729231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866132)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866132/; classtype:trojan-activity;sid:84729232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866133)"; flow:established,from_client; content:"GET"; http_method; content:"/45fb47"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866133/; classtype:trojan-activity;sid:84729233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866134)"; flow:established,from_client; content:"GET"; http_method; content:"/arm_soft"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866134/; classtype:trojan-activity;sid:84729234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866135)"; flow:established,from_client; content:"GET"; http_method; content:"/boss"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866135/; classtype:trojan-activity;sid:84729235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866114)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866114/; classtype:trojan-activity;sid:84729214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866115)"; flow:established,from_client; content:"GET"; http_method; content:"/px86"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.100.36.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866115/; classtype:trojan-activity;sid:84729215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866116)"; flow:established,from_client; content:"GET"; http_method; content:"/arm_soft2"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866116/; classtype:trojan-activity;sid:84729216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866117)"; flow:established,from_client; content:"GET"; http_method; content:"/parm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.100.36.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866117/; classtype:trojan-activity;sid:84729217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866118)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866118/; classtype:trojan-activity;sid:84729218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866119)"; flow:established,from_client; content:"GET"; http_method; content:"/traffaarch"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866119/; classtype:trojan-activity;sid:84729219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866120)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866120/; classtype:trojan-activity;sid:84729220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866121)"; flow:established,from_client; content:"GET"; http_method; content:"/arm_soft3"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866121/; classtype:trojan-activity;sid:84729221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866122)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866122/; classtype:trojan-activity;sid:84729222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866123)"; flow:established,from_client; content:"GET"; http_method; content:"/parm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.100.36.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866123/; classtype:trojan-activity;sid:84729223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866124)"; flow:established,from_client; content:"GET"; http_method; content:"/parm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.100.36.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866124/; classtype:trojan-activity;sid:84729224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866125)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866125/; classtype:trojan-activity;sid:84729225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866126)"; flow:established,from_client; content:"GET"; http_method; content:"/parm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.100.36.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866126/; classtype:trojan-activity;sid:84729226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866127)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k2"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866127/; classtype:trojan-activity;sid:84729227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866128)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866128/; classtype:trojan-activity;sid:84729228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866111)"; flow:established,from_client; content:"GET"; http_method; content:"/a79e1e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866111/; classtype:trojan-activity;sid:84729211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866112)"; flow:established,from_client; content:"GET"; http_method; content:"/6c85f6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866112/; classtype:trojan-activity;sid:84729212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866113)"; flow:established,from_client; content:"GET"; http_method; content:"/px86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.100.36.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866113/; classtype:trojan-activity;sid:84729213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866109)"; flow:established,from_client; content:"GET"; http_method; content:"/26ad7d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866109/; classtype:trojan-activity;sid:84729209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866110)"; flow:established,from_client; content:"GET"; http_method; content:"/ade2c6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866110/; classtype:trojan-activity;sid:84729210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.188.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866108/; classtype:trojan-activity;sid:84729208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866107)"; flow:established,from_client; content:"GET"; http_method; content:"/e5eu2m.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866107/; classtype:trojan-activity;sid:84729207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866105)"; flow:established,from_client; content:"GET"; http_method; content:"/bassetscontents/dhxdaeufkcfxdtfkhlfgckfxkfxjdzhszeffxesezdhdzsdsdhhzszsdhdxxz/gyvuder.exe"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"bagsrad.work"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866105/; classtype:trojan-activity;sid:84729205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.188.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866104/; classtype:trojan-activity;sid:84729204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.249.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866103/; classtype:trojan-activity;sid:84729203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.198.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866100/; classtype:trojan-activity;sid:84729200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.223.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866101/; classtype:trojan-activity;sid:84729201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.73.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866102/; classtype:trojan-activity;sid:84729202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866097)"; flow:established,from_client; content:"GET"; http_method; content:"/zxsrm/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866097/; classtype:trojan-activity;sid:84729197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866098)"; flow:established,from_client; content:"GET"; http_method; content:"/fmjidmb.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"216.250.248.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866098/; classtype:trojan-activity;sid:84729198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866099)"; flow:established,from_client; content:"GET"; http_method; content:"/ovogenetic.smi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tu.feyhaum.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866099/; classtype:trojan-activity;sid:84729199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866096)"; flow:established,from_client; content:"GET"; http_method; content:"/bdtrm181.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866096/; classtype:trojan-activity;sid:84729196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866095)"; flow:established,from_client; content:"GET"; http_method; content:"/persona.snp"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866095/; classtype:trojan-activity;sid:84729195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866094)"; flow:established,from_client; content:"GET"; http_method; content:"/displaytracing"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866094/; classtype:trojan-activity;sid:84729194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866093)"; flow:established,from_client; content:"GET"; http_method; content:"/23e56000-c578-4482-9e4a-3eccf1e9465f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xmyzx.shansline.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866093/; classtype:trojan-activity;sid:84729193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866090)"; flow:established,from_client; content:"GET"; http_method; content:"/pgkcx/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866090/; classtype:trojan-activity;sid:84729190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866091)"; flow:established,from_client; content:"GET"; http_method; content:"/hjjag/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866091/; classtype:trojan-activity;sid:84729191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866092)"; flow:established,from_client; content:"GET"; http_method; content:"/yxzkk/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866092/; classtype:trojan-activity;sid:84729192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866079)"; flow:established,from_client; content:"GET"; http_method; content:"/hrrtu/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866079/; classtype:trojan-activity;sid:84729179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866080)"; flow:established,from_client; content:"GET"; http_method; content:"/cqehd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866080/; classtype:trojan-activity;sid:84729180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866081)"; flow:established,from_client; content:"GET"; http_method; content:"/n64y-jvb2-wt8x-cri7/img_ghgl33.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866081/; classtype:trojan-activity;sid:84729181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866082)"; flow:established,from_client; content:"GET"; http_method; content:"/.bitcoin/wallet.dat/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866082/; classtype:trojan-activity;sid:84729182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866083)"; flow:established,from_client; content:"GET"; http_method; content:"/ovrtw2c20https3a/anyioba.lovestoblog.com/"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866083/; classtype:trojan-activity;sid:84729183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866084)"; flow:established,from_client; content:"GET"; http_method; content:"/tblpv/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866084/; classtype:trojan-activity;sid:84729184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866085)"; flow:established,from_client; content:"GET"; http_method; content:"/zdpmn/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866085/; classtype:trojan-activity;sid:84729185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866086)"; flow:established,from_client; content:"GET"; http_method; content:"/kdeaa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866086/; classtype:trojan-activity;sid:84729186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866087)"; flow:established,from_client; content:"GET"; http_method; content:"/zpehh/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866087/; classtype:trojan-activity;sid:84729187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866088)"; flow:established,from_client; content:"GET"; http_method; content:"/media:80"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866088/; classtype:trojan-activity;sid:84729188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866089)"; flow:established,from_client; content:"GET"; http_method; content:"/ovrtw/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866089/; classtype:trojan-activity;sid:84729189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866071)"; flow:established,from_client; content:"GET"; http_method; content:"/obhny/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866071/; classtype:trojan-activity;sid:84729171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866072)"; flow:established,from_client; content:"GET"; http_method; content:"/exixj/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866072/; classtype:trojan-activity;sid:84729172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866073)"; flow:established,from_client; content:"GET"; http_method; content:"/nxpkj/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866073/; classtype:trojan-activity;sid:84729173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866074)"; flow:established,from_client; content:"GET"; http_method; content:"/tperm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866074/; classtype:trojan-activity;sid:84729174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866075)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019:80"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866075/; classtype:trojan-activity;sid:84729175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866076)"; flow:established,from_client; content:"GET"; http_method; content:"/ymxmd/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866076/; classtype:trojan-activity;sid:84729176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866077)"; flow:established,from_client; content:"GET"; http_method; content:"/nvmru/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866077/; classtype:trojan-activity;sid:84729177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866078)"; flow:established,from_client; content:"GET"; http_method; content:"/ydmdx/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866078/; classtype:trojan-activity;sid:84729178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866067)"; flow:established,from_client; content:"GET"; http_method; content:"/mrvnd/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866067/; classtype:trojan-activity;sid:84729167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866068)"; flow:established,from_client; content:"GET"; http_method; content:"/qmvaz/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866068/; classtype:trojan-activity;sid:84729168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866069)"; flow:established,from_client; content:"GET"; http_method; content:"/dncrp/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866069/; classtype:trojan-activity;sid:84729169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866070)"; flow:established,from_client; content:"GET"; http_method; content:"/git:80"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866070/; classtype:trojan-activity;sid:84729170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866058)"; flow:established,from_client; content:"GET"; http_method; content:"/eyifg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866058/; classtype:trojan-activity;sid:84729158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866059)"; flow:established,from_client; content:"GET"; http_method; content:"/media/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866059/; classtype:trojan-activity;sid:84729159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866060)"; flow:established,from_client; content:"GET"; http_method; content:"/uawix/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866060/; classtype:trojan-activity;sid:84729160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866061)"; flow:established,from_client; content:"GET"; http_method; content:"/unmlo"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866061/; classtype:trojan-activity;sid:84729161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866062)"; flow:established,from_client; content:"GET"; http_method; content:"/rmuga/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866062/; classtype:trojan-activity;sid:84729162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866063)"; flow:established,from_client; content:"GET"; http_method; content:"/cajkj/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866063/; classtype:trojan-activity;sid:84729163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866064)"; flow:established,from_client; content:"GET"; http_method; content:"/ydbbt/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866064/; classtype:trojan-activity;sid:84729164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866065)"; flow:established,from_client; content:"GET"; http_method; content:"/oslap/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866065/; classtype:trojan-activity;sid:84729165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866066)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_jp7b12.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866066/; classtype:trojan-activity;sid:84729166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866057)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1urakt/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"as.al"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866057/; classtype:trojan-activity;sid:84729157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866056)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866056/; classtype:trojan-activity;sid:84729156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866055)"; flow:established,from_client; content:"GET"; http_method; content:"/zacaj/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866055/; classtype:trojan-activity;sid:84729155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866054)"; flow:established,from_client; content:"GET"; http_method; content:"/jxdpx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866054/; classtype:trojan-activity;sid:84729154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866053)"; flow:established,from_client; content:"GET"; http_method; content:"/govwh/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866053/; classtype:trojan-activity;sid:84729153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866052)"; flow:established,from_client; content:"GET"; http_method; content:"/deikautoc.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pub-fb3a8d5dd3364b508bead702996a325c.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866052/; classtype:trojan-activity;sid:84729152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866051)"; flow:established,from_client; content:"GET"; http_method; content:"/pay.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.100.36.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866051/; classtype:trojan-activity;sid:84729151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866050)"; flow:established,from_client; content:"GET"; http_method; content:"/img/imgg.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"increvalor.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866050/; classtype:trojan-activity;sid:84729150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866048)"; flow:established,from_client; content:"GET"; http_method; content:"/desej"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866048/; classtype:trojan-activity;sid:84729148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866049)"; flow:established,from_client; content:"GET"; http_method; content:"/pomcp/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866049/; classtype:trojan-activity;sid:84729149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"kaza.com.hk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866047/; classtype:trojan-activity;sid:84729147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866046)"; flow:established,from_client; content:"GET"; http_method; content:"/709f0199-d574-4004-ba16-4b25c241c5cb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ydgnpzbc.mechanicsayalat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866046/; classtype:trojan-activity;sid:84729146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.223.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866045/; classtype:trojan-activity;sid:84729145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.198.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866044/; classtype:trojan-activity;sid:84729144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866043)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=41da8f99-7a82-4c34-961f-d77b7b44e2cc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zmnrfyvt.vanatarsim.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866043/; classtype:trojan-activity;sid:84729143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.211.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866042/; classtype:trojan-activity;sid:84729142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.204.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866041/; classtype:trojan-activity;sid:84729141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.73.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866040/; classtype:trojan-activity;sid:84729140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866039)"; flow:established,from_client; content:"GET"; http_method; content:"/fb6cf4c4-cc1b-4f54-a500-6d46f41b11d6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"posnxub.mabaninazaridelavar.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866039/; classtype:trojan-activity;sid:84729139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.254.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866038/; classtype:trojan-activity;sid:84729138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.113.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866037/; classtype:trojan-activity;sid:84729137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866036)"; flow:established,from_client; content:"GET"; http_method; content:"/f7b20024-4a99-404a-8420-e3dc9e0f4594"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uuoecnbs.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866036/; classtype:trojan-activity;sid:84729136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.240.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866035/; classtype:trojan-activity;sid:84729135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.5.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866034/; classtype:trojan-activity;sid:84729134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.113.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866033/; classtype:trojan-activity;sid:84729133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.238.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866031/; classtype:trojan-activity;sid:84729131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.204.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866032/; classtype:trojan-activity;sid:84729132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866028)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866028/; classtype:trojan-activity;sid:84729128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866029/; classtype:trojan-activity;sid:84729129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866030/; classtype:trojan-activity;sid:84729130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866026/; classtype:trojan-activity;sid:84729126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866027)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866027/; classtype:trojan-activity;sid:84729127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866021/; classtype:trojan-activity;sid:84729121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866022/; classtype:trojan-activity;sid:84729122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/floyyd.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866023/; classtype:trojan-activity;sid:84729123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866024/; classtype:trojan-activity;sid:84729124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866025/; classtype:trojan-activity;sid:84729125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866016)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866016/; classtype:trojan-activity;sid:84729116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866017)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866017/; classtype:trojan-activity;sid:84729117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866018/; classtype:trojan-activity;sid:84729118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866019/; classtype:trojan-activity;sid:84729119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.42.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866020/; classtype:trojan-activity;sid:84729120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.5.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866015/; classtype:trojan-activity;sid:84729115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.113.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866014/; classtype:trojan-activity;sid:84729114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.254.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866013/; classtype:trojan-activity;sid:84729113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.238.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866012/; classtype:trojan-activity;sid:84729112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866011)"; flow:established,from_client; content:"GET"; http_method; content:"/017e7c95-0403-4b73-aac4-6bc4f5530957"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xcioxhpp.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866011/; classtype:trojan-activity;sid:84729111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.99.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866010/; classtype:trojan-activity;sid:84729110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866008)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/frosty.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"86.54.82.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866008/; classtype:trojan-activity;sid:84729108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.99.31.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866009/; classtype:trojan-activity;sid:84729109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.95.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866006/; classtype:trojan-activity;sid:84729106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.30.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866007/; classtype:trojan-activity;sid:84729107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866005)"; flow:established,from_client; content:"GET"; http_method; content:"/superplayer.cmd"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tube-18.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866005/; classtype:trojan-activity;sid:84729105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866001)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"vid-16-07.vercel.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866001/; classtype:trojan-activity;sid:84729101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.204.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866002/; classtype:trojan-activity;sid:84729102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866003)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"policework1606.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866003/; classtype:trojan-activity;sid:84729103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866004)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"police1606real.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866004/; classtype:trojan-activity;sid:84729104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3866000)"; flow:established,from_client; content:"GET"; http_method; content:"/memory_bin_dir/memory_load.mips"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"31.56.39.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3866000/; classtype:trojan-activity;sid:84729100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865999/; classtype:trojan-activity;sid:84729099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865991)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1aa54dbfab99756a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865991/; classtype:trojan-activity;sid:84729091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865992)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_3e952b2ae3899c34.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865992/; classtype:trojan-activity;sid:84729092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865993)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ea56972b95adac82.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865993/; classtype:trojan-activity;sid:84729093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865994)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_81337d63d9d5c258.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865994/; classtype:trojan-activity;sid:84729094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865995)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e5f0e058762035a4.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865995/; classtype:trojan-activity;sid:84729095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865996)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_298a62ccdd240062.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865996/; classtype:trojan-activity;sid:84729096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865997)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_20f0cbfc975b37a7.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865997/; classtype:trojan-activity;sid:84729097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865998)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_feba8078a56702f7.msi"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865998/; classtype:trojan-activity;sid:84729098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865989)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_5838417cf4675a38.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865989/; classtype:trojan-activity;sid:84729089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865990)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6e653d7c095f5305.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865990/; classtype:trojan-activity;sid:84729090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865988/; classtype:trojan-activity;sid:84729088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865987)"; flow:established,from_client; content:"GET"; http_method; content:"/bacup_190755.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.152.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865987/; classtype:trojan-activity;sid:84729087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865986)"; flow:established,from_client; content:"GET"; http_method; content:"/bea511af-e36d-4120-b2bb-9c681814aa8e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wrlunpmj.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865986/; classtype:trojan-activity;sid:84729086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865985)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=30380a55-e0c8-4d7d-89e2-5364e20a7d3f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ab950zja.testpaye.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865985/; classtype:trojan-activity;sid:84729085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865984)"; flow:established,from_client; content:"GET"; http_method; content:"/d8880e94-75a3-434d-9719-0d55074a7200"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"brcorni.mabaninazari.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865984/; classtype:trojan-activity;sid:84729084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865983/; classtype:trojan-activity;sid:84729083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.189.222.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865982/; classtype:trojan-activity;sid:84729082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865981)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d5ecbaca-6280-4331-bfab-91b43ba495cf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xlyvz7lr.motuntakhasosi.store"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865981/; classtype:trojan-activity;sid:84729081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865980)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=718f69e6-23c8-47f1-aef5-281a72c0dc3b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"m7nohnc7.modiriyatnikbakht.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865980/; classtype:trojan-activity;sid:84729080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865979)"; flow:established,from_client; content:"GET"; http_method; content:"/7a730ed8-2e27-4c0d-aba7-93f3a2d57b74"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jfxdrqqn.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865979/; classtype:trojan-activity;sid:84729079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865978/; classtype:trojan-activity;sid:84729078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.189.222.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865977/; classtype:trojan-activity;sid:84729077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865976)"; flow:established,from_client; content:"GET"; http_method; content:"/86f5272c-e2f3-438d-b180-3e10fec5cf4d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gzipfktz.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865976/; classtype:trojan-activity;sid:84729076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865975)"; flow:established,from_client; content:"GET"; http_method; content:"/30b88fcd-dc1e-4c77-a746-6a7107feded7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vslaa.melbetkade.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865975/; classtype:trojan-activity;sid:84729075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865974/; classtype:trojan-activity;sid:84729074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.7.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865973/; classtype:trojan-activity;sid:84729073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.192.229.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865972/; classtype:trojan-activity;sid:84729072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"141.140.0.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865970/; classtype:trojan-activity;sid:84729070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"141.140.0.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865971/; classtype:trojan-activity;sid:84729071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"141.140.0.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865969/; classtype:trojan-activity;sid:84729069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"162.251.60.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865968/; classtype:trojan-activity;sid:84729068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.140.0.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865965/; classtype:trojan-activity;sid:84729065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.140.0.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865966/; classtype:trojan-activity;sid:84729066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.140.0.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865967/; classtype:trojan-activity;sid:84729067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865964)"; flow:established,from_client; content:"GET"; http_method; content:"/quasar.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"170.168.103.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865964/; classtype:trojan-activity;sid:84729064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.5.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865963/; classtype:trojan-activity;sid:84729063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865962)"; flow:established,from_client; content:"GET"; http_method; content:"/1d135dbc-8846-4dfd-b811-5f4d61e3ab20"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jgyqxldn.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865962/; classtype:trojan-activity;sid:84729062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.140.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865961/; classtype:trojan-activity;sid:84729061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865960)"; flow:established,from_client; content:"GET"; http_method; content:"/0d87051e-41da-4d16-8997-4f55413fca44"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cztsqzd.livefootba11.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865960/; classtype:trojan-activity;sid:84729060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865959)"; flow:established,from_client; content:"GET"; http_method; content:"/80e2ea8a-1ae5-4d69-ae20-0a9e47a5d808"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pjzhlamo.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865959/; classtype:trojan-activity;sid:84729059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.5.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865958/; classtype:trojan-activity;sid:84729058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865957)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d873ff52-ec2a-4584-99d4-66f7c631fa20"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"t4axvjhb.riyazinikokar.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865957/; classtype:trojan-activity;sid:84729057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865956)"; flow:established,from_client; content:"GET"; http_method; content:"/782ec283-5284-4c9a-8839-1572641e74ce"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oucgpofp.karafarini.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865956/; classtype:trojan-activity;sid:84729056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865955/; classtype:trojan-activity;sid:84729055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.101.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865954/; classtype:trojan-activity;sid:84729054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.120.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865953/; classtype:trojan-activity;sid:84729053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865952/; classtype:trojan-activity;sid:84729052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865951)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8906e97f-033e-4732-84e4-08c485bead59"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"idb05olx.testdrivepaye3.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865951/; classtype:trojan-activity;sid:84729051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865950/; classtype:trojan-activity;sid:84729050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.28.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865949/; classtype:trojan-activity;sid:84729049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.120.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865948/; classtype:trojan-activity;sid:84729048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865947)"; flow:established,from_client; content:"GET"; http_method; content:"/6d3b8bd8-7be0-4015-9eba-b4203504451f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"emjkevxm.jam-jahani.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865947/; classtype:trojan-activity;sid:84729047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865946)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865946/; classtype:trojan-activity;sid:84729046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865945)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865945/; classtype:trojan-activity;sid:84729045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865943)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865943/; classtype:trojan-activity;sid:84729043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865944)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865944/; classtype:trojan-activity;sid:84729044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865942)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.251.181.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865942/; classtype:trojan-activity;sid:84729042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865941)"; flow:established,from_client; content:"GET"; http_method; content:"/1ee94683-d3c7-4e89-a7b4-65448d9b4401"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"emuerrz.ecologyardakani.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865941/; classtype:trojan-activity;sid:84729041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865940)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"64.89.163.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865940/; classtype:trojan-activity;sid:84729040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865939)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865939/; classtype:trojan-activity;sid:84729039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865930)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865930/; classtype:trojan-activity;sid:84729030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865931)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mips"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865931/; classtype:trojan-activity;sid:84729031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865932)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865932/; classtype:trojan-activity;sid:84729032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865933)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.spc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865933/; classtype:trojan-activity;sid:84729033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865934)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865934/; classtype:trojan-activity;sid:84729034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865935)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.x86"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865935/; classtype:trojan-activity;sid:84729035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865936)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865936/; classtype:trojan-activity;sid:84729036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865937)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.i686"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865937/; classtype:trojan-activity;sid:84729037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865938)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865938/; classtype:trojan-activity;sid:84729038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865929)"; flow:established,from_client; content:"GET"; http_method; content:"/adbpersist.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865929/; classtype:trojan-activity;sid:84729029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865928)"; flow:established,from_client; content:"GET"; http_method; content:"/1.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865928/; classtype:trojan-activity;sid:84729028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865927)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865927/; classtype:trojan-activity;sid:84729027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865921)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.m68k"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865921/; classtype:trojan-activity;sid:84729021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865922)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865922/; classtype:trojan-activity;sid:84729022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865923)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.mpsl"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865923/; classtype:trojan-activity;sid:84729023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865924)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.ppc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865924/; classtype:trojan-activity;sid:84729024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865925)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.arm"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865925/; classtype:trojan-activity;sid:84729025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865926)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/space.sh4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.99.184.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865926/; classtype:trojan-activity;sid:84729026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.52.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865920/; classtype:trojan-activity;sid:84729020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865919)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865919/; classtype:trojan-activity;sid:84729019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865918)"; flow:established,from_client; content:"GET"; http_method; content:"/60d0535e-a6e0-45a9-8bb0-07d44427cfb3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fqgadjsy.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865918/; classtype:trojan-activity;sid:84729018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865917/; classtype:trojan-activity;sid:84729017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865913)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865913/; classtype:trojan-activity;sid:84729013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865914)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865914/; classtype:trojan-activity;sid:84729014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865915/; classtype:trojan-activity;sid:84729015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865916/; classtype:trojan-activity;sid:84729016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.52.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865912/; classtype:trojan-activity;sid:84729012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865907/; classtype:trojan-activity;sid:84729007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865908/; classtype:trojan-activity;sid:84729008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865909/; classtype:trojan-activity;sid:84729009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865910)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865910/; classtype:trojan-activity;sid:84729010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865911)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865911/; classtype:trojan-activity;sid:84729011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865903)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865903/; classtype:trojan-activity;sid:84729003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865904)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865904/; classtype:trojan-activity;sid:84729004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865905)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865905/; classtype:trojan-activity;sid:84729005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865906)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865906/; classtype:trojan-activity;sid:84729006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865900)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_sp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865900/; classtype:trojan-activity;sid:84729000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865901)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865901/; classtype:trojan-activity;sid:84729001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865902)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7_mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865902/; classtype:trojan-activity;sid:84729002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865899)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865899/; classtype:trojan-activity;sid:84728999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865898)"; flow:established,from_client; content:"GET"; http_method; content:"/barm7.gz"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865898/; classtype:trojan-activity;sid:84728998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.32.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865897/; classtype:trojan-activity;sid:84728997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.32.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865896/; classtype:trojan-activity;sid:84728996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.175.206.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865895/; classtype:trojan-activity;sid:84728995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865894)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865894/; classtype:trojan-activity;sid:84728994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865890)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865890/; classtype:trojan-activity;sid:84728990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865891)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865891/; classtype:trojan-activity;sid:84728991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865892)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865892/; classtype:trojan-activity;sid:84728992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865893)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865893/; classtype:trojan-activity;sid:84728993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865885)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865885/; classtype:trojan-activity;sid:84728985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865886)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865886/; classtype:trojan-activity;sid:84728986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865887)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865887/; classtype:trojan-activity;sid:84728987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865888)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865888/; classtype:trojan-activity;sid:84728988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865889)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865889/; classtype:trojan-activity;sid:84728989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865884)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.156.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865884/; classtype:trojan-activity;sid:84728984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865883)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865883/; classtype:trojan-activity;sid:84728983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865876/; classtype:trojan-activity;sid:84728976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865877/; classtype:trojan-activity;sid:84728977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865878/; classtype:trojan-activity;sid:84728978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865879/; classtype:trojan-activity;sid:84728979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865880/; classtype:trojan-activity;sid:84728980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865881)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865881/; classtype:trojan-activity;sid:84728981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865882)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865882/; classtype:trojan-activity;sid:84728982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865875/; classtype:trojan-activity;sid:84728975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.159.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865874/; classtype:trojan-activity;sid:84728974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865873)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"46.226.166.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865873/; classtype:trojan-activity;sid:84728973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865872)"; flow:established,from_client; content:"GET"; http_method; content:"/b3c4ed76-14cc-45ec-962f-6447ed31689d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"slceo.rocketbet.pro"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865872/; classtype:trojan-activity;sid:84728972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865871)"; flow:established,from_client; content:"GET"; http_method; content:"/1421e2c3-fac9-4edb-a398-c46ccd382c19"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lkkcicvs.tasisathosseini.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865871/; classtype:trojan-activity;sid:84728971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.43.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865870/; classtype:trojan-activity;sid:84728970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865869)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=28c94613-a0b2-4b34-9ad5-d57900189d09"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xsr8ggtp.riyaziatumumi.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865869/; classtype:trojan-activity;sid:84728969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.220.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865868/; classtype:trojan-activity;sid:84728968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.43.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865867/; classtype:trojan-activity;sid:84728967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.111.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865866/; classtype:trojan-activity;sid:84728966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865865)"; flow:established,from_client; content:"GET"; http_method; content:"/e236dff7-a32c-46ff-9add-710a6145a6fd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gidptxnf.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865865/; classtype:trojan-activity;sid:84728965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.78.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865864/; classtype:trojan-activity;sid:84728964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.78.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865863/; classtype:trojan-activity;sid:84728963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.151.169.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865862/; classtype:trojan-activity;sid:84728962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.220.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865861/; classtype:trojan-activity;sid:84728961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865860/; classtype:trojan-activity;sid:84728960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865859)"; flow:established,from_client; content:"GET"; http_method; content:"/a1449047-9b8c-4274-b5d2-afc315aaaa63"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"scuxihr.downloadquran.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865859/; classtype:trojan-activity;sid:84728959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.127.251.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865858/; classtype:trojan-activity;sid:84728958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.197.160.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865857/; classtype:trojan-activity;sid:84728957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865856)"; flow:established,from_client; content:"GET"; http_method; content:"/73b2df1f-fcbf-4e2e-80e3-bd934452045e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mbcmhapi.sazebetonarme.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865856/; classtype:trojan-activity;sid:84728956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865855)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=24486f41-0c2e-4dfd-981c-eb0fa49009d3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ls574ky6.anodaz.tv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865855/; classtype:trojan-activity;sid:84728955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865854/; classtype:trojan-activity;sid:84728954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865853)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_e5ae42027ee57bae.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865853/; classtype:trojan-activity;sid:84728953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865851)"; flow:established,from_client; content:"GET"; http_method; content:"/rsw0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.155.8.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865851/; classtype:trojan-activity;sid:84728951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865852)"; flow:established,from_client; content:"GET"; http_method; content:"/rbw0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.155.8.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_17; reference:url, urlhaus.abuse.ch/url/3865852/; classtype:trojan-activity;sid:84728952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865850/; classtype:trojan-activity;sid:84728950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865849/; classtype:trojan-activity;sid:84728949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.252.234.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865848/; classtype:trojan-activity;sid:84728948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865847)"; flow:established,from_client; content:"GET"; http_method; content:"/04d21f7c-6bab-4629-9dce-897f574949d8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ghcruhhs.sanjeshvaandazegiri.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865847/; classtype:trojan-activity;sid:84728947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865846)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c16e7b9b-71ba-4f77-8c6a-f87544bc30f4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ia9opth7.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865846/; classtype:trojan-activity;sid:84728946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865845/; classtype:trojan-activity;sid:84728945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.216.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865844/; classtype:trojan-activity;sid:84728944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.252.234.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865843/; classtype:trojan-activity;sid:84728943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.18.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865842/; classtype:trojan-activity;sid:84728942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.140.231.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865841/; classtype:trojan-activity;sid:84728941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865840)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=881d30d3-eeb7-409e-a483-8b4152f3fe35"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"b6ddznvo.reyhanebeheshti.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865840/; classtype:trojan-activity;sid:84728940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865839)"; flow:established,from_client; content:"GET"; http_method; content:"/4bb7cd20-4326-4642-b37c-86b2de8bcb1a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"trzyilzj.sanjeshravani.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865839/; classtype:trojan-activity;sid:84728939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.67.216.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865838/; classtype:trojan-activity;sid:84728938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.20.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865837/; classtype:trojan-activity;sid:84728937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.169.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865836/; classtype:trojan-activity;sid:84728936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.140.231.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865835/; classtype:trojan-activity;sid:84728935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865834)"; flow:established,from_client; content:"GET"; http_method; content:"/ea1d6d5b-993a-45d3-a133-ea71d8beef3e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xvjjvja.differentialmamuli.store"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865834/; classtype:trojan-activity;sid:84728934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.145.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865833/; classtype:trojan-activity;sid:84728933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865832)"; flow:established,from_client; content:"GET"; http_method; content:"/da0e361c-8930-4bad-961f-c0b430fc28e4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bmsmzuxa.sakhtemandade.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865832/; classtype:trojan-activity;sid:84728932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865831)"; flow:established,from_client; content:"GET"; http_method; content:"/d1c0afc1-a3b4-493b-8ac4-4239e0fe996c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pqjqu.shansbartar.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865831/; classtype:trojan-activity;sid:84728931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865830)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_272a328ef7c4afe3.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865830/; classtype:trojan-activity;sid:84728930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.18.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865829/; classtype:trojan-activity;sid:84728929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.233.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865827/; classtype:trojan-activity;sid:84728927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.75.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865828/; classtype:trojan-activity;sid:84728928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865826)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_93aa7618a8e9169e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865826/; classtype:trojan-activity;sid:84728926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865825)"; flow:established,from_client; content:"GET"; http_method; content:"/9139d630-78db-4224-bb67-aed2adc41375"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lueplxze.sadreislam.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865825/; classtype:trojan-activity;sid:84728925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865824/; classtype:trojan-activity;sid:84728924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.20.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865823/; classtype:trojan-activity;sid:84728923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.181.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865822/; classtype:trojan-activity;sid:84728922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.66.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865821/; classtype:trojan-activity;sid:84728921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865820/; classtype:trojan-activity;sid:84728920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865819)"; flow:established,from_client; content:"GET"; http_method; content:"/5160bce5-7a5d-4aa7-8b55-edd663674ba9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jwzyamqu.questionsmotor.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865819/; classtype:trojan-activity;sid:84728919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.181.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865818/; classtype:trojan-activity;sid:84728918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.95.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865817/; classtype:trojan-activity;sid:84728917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865816)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=16c403df-ee33-4931-b155-78217da1b47e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zqxhkfn1.mohasebatadadi.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865816/; classtype:trojan-activity;sid:84728916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865814)"; flow:established,from_client; content:"GET"; http_method; content:"/8b1959a2-b037-4683-a826-3cafda615f12"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"eoubkysl.psgnewsiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865814/; classtype:trojan-activity;sid:84728914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865815)"; flow:established,from_client; content:"GET"; http_method; content:"/8cb2d0c4-8217-4bff-8d7f-5e21562371ec"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"opvqf.differentialkerayechiyan.store"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865815/; classtype:trojan-activity;sid:84728915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.84.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865813/; classtype:trojan-activity;sid:84728913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.87.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865812/; classtype:trojan-activity;sid:84728912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.95.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865811/; classtype:trojan-activity;sid:84728911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.172.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865810/; classtype:trojan-activity;sid:84728910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.172.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865809/; classtype:trojan-activity;sid:84728909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865808)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7852450268/qztruwz.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865808/; classtype:trojan-activity;sid:84728908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.101.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865807/; classtype:trojan-activity;sid:84728907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865806)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b7046ea7-b88e-4c4a-a54b-ccc39c3372f7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mof95byi.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865806/; classtype:trojan-activity;sid:84728906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865805)"; flow:established,from_client; content:"GET"; http_method; content:"/65a91675-f652-4d7f-8943-4974fa980b0f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"poxcezrq.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865805/; classtype:trojan-activity;sid:84728905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.87.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865804/; classtype:trojan-activity;sid:84728904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865803)"; flow:established,from_client; content:"GET"; http_method; content:"/0e7a3201-ffec-4dce-8b20-65f7fdb239b2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nebxkrhy.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865803/; classtype:trojan-activity;sid:84728903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865802/; classtype:trojan-activity;sid:84728902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.103.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865801/; classtype:trojan-activity;sid:84728901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865800/; classtype:trojan-activity;sid:84728900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865799)"; flow:established,from_client; content:"GET"; http_method; content:"/0321fdcd-8312-4219-99b1-4bc6bfcf9164"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cpysndcd.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865799/; classtype:trojan-activity;sid:84728899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865798/; classtype:trojan-activity;sid:84728898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865797)"; flow:established,from_client; content:"GET"; http_method; content:"/yui/wtmp1"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.214.53.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865797/; classtype:trojan-activity;sid:84728897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865796/; classtype:trojan-activity;sid:84728896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865795)"; flow:established,from_client; content:"GET"; http_method; content:"/90/img_045800.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865795/; classtype:trojan-activity;sid:84728895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865794)"; flow:established,from_client; content:"GET"; http_method; content:"/90/givenrestthignsaregoodformebest.hta"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865794/; classtype:trojan-activity;sid:84728894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865793)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.gartner.comennewsroompress-releases2025-05-13-gartner-identifies-top-trends-shaping-the-future-of-cloud.php"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"66.63.170.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865793/; classtype:trojan-activity;sid:84728893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865792)"; flow:established,from_client; content:"GET"; http_method; content:"/775007a3-5703-46ae-bcd6-68f8ebc0f2f2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"niowimq.shansline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865792/; classtype:trojan-activity;sid:84728892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865791)"; flow:established,from_client; content:"GET"; http_method; content:"/ec53b7c4-4b0f-4b43-b6f2-ff9d5d17c6fc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zvday.defamogadas.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865791/; classtype:trojan-activity;sid:84728891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.42.11.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865790/; classtype:trojan-activity;sid:84728890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865789)"; flow:established,from_client; content:"GET"; http_method; content:"/112bd0e1-f743-47b3-8b36-0b7b2c0c2410"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hxfvuhay.mechanicsayalat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865789/; classtype:trojan-activity;sid:84728889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.42.130.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865787/; classtype:trojan-activity;sid:84728887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.44.146.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865788/; classtype:trojan-activity;sid:84728888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865786)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a3e71569-2d9c-4933-a167-87b0ced7e399"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ro68mi4f.hesabdari2.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865786/; classtype:trojan-activity;sid:84728886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865785/; classtype:trojan-activity;sid:84728885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865784)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3a7857ad-893b-421f-a98a-4d2c7abc2c7e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"w7nr7blr.mohandesitraffic.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865784/; classtype:trojan-activity;sid:84728884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865783/; classtype:trojan-activity;sid:84728883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.42.130.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865782/; classtype:trojan-activity;sid:84728882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865781/; classtype:trojan-activity;sid:84728881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865780)"; flow:established,from_client; content:"GET"; http_method; content:"/6dd71a0b-77ae-45c3-94e6-1d9e3f7e6376"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"llmpgrax.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865780/; classtype:trojan-activity;sid:84728880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865779/; classtype:trojan-activity;sid:84728879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.68.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865778/; classtype:trojan-activity;sid:84728878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865777)"; flow:established,from_client; content:"GET"; http_method; content:"/crypted_build.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865777/; classtype:trojan-activity;sid:84728877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865776/; classtype:trojan-activity;sid:84728876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865775/; classtype:trojan-activity;sid:84728875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865774)"; flow:established,from_client; content:"GET"; http_method; content:"/5858b5b4-61e6-4bf4-a4b6-7de0d782e6f3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"moqlgtez.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865774/; classtype:trojan-activity;sid:84728874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865773/; classtype:trojan-activity;sid:84728873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865772/; classtype:trojan-activity;sid:84728872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865771/; classtype:trojan-activity;sid:84728871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865770)"; flow:established,from_client; content:"GET"; http_method; content:"/199b2997-34db-4ece-b589-e514b6ef0f0f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hwott.darsnamejame.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865770/; classtype:trojan-activity;sid:84728870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865769)"; flow:established,from_client; content:"GET"; http_method; content:"/972eb227-6bff-41ff-b30f-28ca8bf45083"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"spnzuoez.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865769/; classtype:trojan-activity;sid:84728869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.150.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865768/; classtype:trojan-activity;sid:84728868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865767)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5683a175-17eb-4c47-8094-c67d5b34861b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"03mnh00l.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865767/; classtype:trojan-activity;sid:84728867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865766/; classtype:trojan-activity;sid:84728866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865765/; classtype:trojan-activity;sid:84728865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.165.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865764/; classtype:trojan-activity;sid:84728864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.181.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865763/; classtype:trojan-activity;sid:84728863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.199.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865762/; classtype:trojan-activity;sid:84728862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865761)"; flow:established,from_client; content:"GET"; http_method; content:"/3c74d3cd-53bd-40ea-9d79-055b55acf633"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oyqqqexh.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865761/; classtype:trojan-activity;sid:84728861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865760)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=596a9e65-c881-430a-9f38-66ef64e5b90a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rb907ecj.modiriyatnikbakht.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865760/; classtype:trojan-activity;sid:84728860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.99.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865759/; classtype:trojan-activity;sid:84728859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.251.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865758/; classtype:trojan-activity;sid:84728858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.181.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865757/; classtype:trojan-activity;sid:84728857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865756)"; flow:established,from_client; content:"GET"; http_method; content:"/05636f68-41b9-4b31-a0c4-5085db658f4f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mvipnisr.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865756/; classtype:trojan-activity;sid:84728856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.92.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865755/; classtype:trojan-activity;sid:84728855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.156.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865754/; classtype:trojan-activity;sid:84728854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865753)"; flow:established,from_client; content:"GET"; http_method; content:"/24902507-7b12-4819-ad2e-8ee2cf66941f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ojrxidv.shartbandifootballkade.online"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865753/; classtype:trojan-activity;sid:84728853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.251.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865752/; classtype:trojan-activity;sid:84728852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.3.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865751/; classtype:trojan-activity;sid:84728851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.109.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865750/; classtype:trojan-activity;sid:84728850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865749/; classtype:trojan-activity;sid:84728849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.3.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865748/; classtype:trojan-activity;sid:84728848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865747)"; flow:established,from_client; content:"GET"; http_method; content:"/0b0cf4d6-8549-4a6b-9e8c-e846e616c36e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bqtnx.danestanihavarzeshi.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865747/; classtype:trojan-activity;sid:84728847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865746)"; flow:established,from_client; content:"GET"; http_method; content:"/ea076450-4cbc-4cd0-917d-39b190ea2fdb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zvwkvpww.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865746/; classtype:trojan-activity;sid:84728846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.111.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865745/; classtype:trojan-activity;sid:84728845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865744)"; flow:established,from_client; content:"GET"; http_method; content:"/eac594"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865744/; classtype:trojan-activity;sid:84728844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865740)"; flow:established,from_client; content:"GET"; http_method; content:"/ac03c5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865740/; classtype:trojan-activity;sid:84728840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865741)"; flow:established,from_client; content:"GET"; http_method; content:"/ca382f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865741/; classtype:trojan-activity;sid:84728841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865742)"; flow:established,from_client; content:"GET"; http_method; content:"/8636e6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865742/; classtype:trojan-activity;sid:84728842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865743)"; flow:established,from_client; content:"GET"; http_method; content:"/cb2c1f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865743/; classtype:trojan-activity;sid:84728843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865735)"; flow:established,from_client; content:"GET"; http_method; content:"/5f0ed5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865735/; classtype:trojan-activity;sid:84728835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865736)"; flow:established,from_client; content:"GET"; http_method; content:"/aba2dd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865736/; classtype:trojan-activity;sid:84728836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865737)"; flow:established,from_client; content:"GET"; http_method; content:"/a802ee"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865737/; classtype:trojan-activity;sid:84728837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865738)"; flow:established,from_client; content:"GET"; http_method; content:"/2fb9dc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865738/; classtype:trojan-activity;sid:84728838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865739)"; flow:established,from_client; content:"GET"; http_method; content:"/44a752"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865739/; classtype:trojan-activity;sid:84728839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865733)"; flow:established,from_client; content:"GET"; http_method; content:"/b30ea3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865733/; classtype:trojan-activity;sid:84728833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865734)"; flow:established,from_client; content:"GET"; http_method; content:"/d0e001"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865734/; classtype:trojan-activity;sid:84728834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.17.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865732/; classtype:trojan-activity;sid:84728832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.159.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865731/; classtype:trojan-activity;sid:84728831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.165.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865730/; classtype:trojan-activity;sid:84728830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865729)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.17.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865729/; classtype:trojan-activity;sid:84728829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.109.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865728/; classtype:trojan-activity;sid:84728828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.111.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865727/; classtype:trojan-activity;sid:84728827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865726)"; flow:established,from_client; content:"GET"; http_method; content:"/130d5a84-ddc1-4366-9519-eb0ed56d78c2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fvnxmnaz.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865726/; classtype:trojan-activity;sid:84728826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.179.240.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865725/; classtype:trojan-activity;sid:84728825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865722)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865722/; classtype:trojan-activity;sid:84728822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865723)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865723/; classtype:trojan-activity;sid:84728823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865724)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865724/; classtype:trojan-activity;sid:84728824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865719)"; flow:established,from_client; content:"GET"; http_method; content:"/check.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865719/; classtype:trojan-activity;sid:84728819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865720)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865720/; classtype:trojan-activity;sid:84728820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865721)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865721/; classtype:trojan-activity;sid:84728821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865717)"; flow:established,from_client; content:"GET"; http_method; content:"/syst3md"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865717/; classtype:trojan-activity;sid:84728817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865718)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.26.106.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865718/; classtype:trojan-activity;sid:84728818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865708)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865708/; classtype:trojan-activity;sid:84728808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865709)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865709/; classtype:trojan-activity;sid:84728809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865710)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865710/; classtype:trojan-activity;sid:84728810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865711)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865711/; classtype:trojan-activity;sid:84728811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865712)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865712/; classtype:trojan-activity;sid:84728812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865713)"; flow:established,from_client; content:"GET"; http_method; content:"/check1.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865713/; classtype:trojan-activity;sid:84728813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865714)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865714/; classtype:trojan-activity;sid:84728814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865715)"; flow:established,from_client; content:"GET"; http_method; content:"/checkmacos.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865715/; classtype:trojan-activity;sid:84728815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865716)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865716/; classtype:trojan-activity;sid:84728816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865707)"; flow:established,from_client; content:"GET"; http_method; content:"/log"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865707/; classtype:trojan-activity;sid:84728807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865697)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865697/; classtype:trojan-activity;sid:84728797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865698)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865698/; classtype:trojan-activity;sid:84728798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865699)"; flow:established,from_client; content:"GET"; http_method; content:"/error84"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865699/; classtype:trojan-activity;sid:84728799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865700)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865700/; classtype:trojan-activity;sid:84728800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865701)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865701/; classtype:trojan-activity;sid:84728801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865702)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865702/; classtype:trojan-activity;sid:84728802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865703)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865703/; classtype:trojan-activity;sid:84728803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865704)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865704/; classtype:trojan-activity;sid:84728804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865705)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865705/; classtype:trojan-activity;sid:84728805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865706)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865706/; classtype:trojan-activity;sid:84728806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865696)"; flow:established,from_client; content:"GET"; http_method; content:"/auto"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.26.106.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865696/; classtype:trojan-activity;sid:84728796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865693)"; flow:established,from_client; content:"GET"; http_method; content:"/main_i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865693/; classtype:trojan-activity;sid:84728793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865694)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865694/; classtype:trojan-activity;sid:84728794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865695)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"192.109.200.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865695/; classtype:trojan-activity;sid:84728795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865692/; classtype:trojan-activity;sid:84728792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.94.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865691/; classtype:trojan-activity;sid:84728791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865690/; classtype:trojan-activity;sid:84728790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.237.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865689/; classtype:trojan-activity;sid:84728789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.82.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865688/; classtype:trojan-activity;sid:84728788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865687)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1b34a5e0-51af-48de-b806-3a7bf499e14a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"r2ozzh0s.modiriyatbehrangi.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865687/; classtype:trojan-activity;sid:84728787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865686/; classtype:trojan-activity;sid:84728786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.174.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865685/; classtype:trojan-activity;sid:84728785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865684)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1c1ecdd3b3271647.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865684/; classtype:trojan-activity;sid:84728784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.179.240.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865683/; classtype:trojan-activity;sid:84728783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865679)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865679/; classtype:trojan-activity;sid:84728779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865680)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865680/; classtype:trojan-activity;sid:84728780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865681)"; flow:established,from_client; content:"GET"; http_method; content:"/mips2"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865681/; classtype:trojan-activity;sid:84728781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865682)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865682/; classtype:trojan-activity;sid:84728782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865678)"; flow:established,from_client; content:"GET"; http_method; content:"/3050b5b0-7397-469f-99b0-17e975d7821a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gzljyxqt.jam-jahani.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865678/; classtype:trojan-activity;sid:84728778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865677/; classtype:trojan-activity;sid:84728777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.174.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865676/; classtype:trojan-activity;sid:84728776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865675)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f0cc3964-ca1b-4923-9b02-ca8a996c38ef"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"v8il4b7i.megaparikade.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865675/; classtype:trojan-activity;sid:84728775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865674/; classtype:trojan-activity;sid:84728774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.188.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865673/; classtype:trojan-activity;sid:84728773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.30.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865672/; classtype:trojan-activity;sid:84728772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.68.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865671/; classtype:trojan-activity;sid:84728771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865669)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865669/; classtype:trojan-activity;sid:84728769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865670)"; flow:established,from_client; content:"GET"; http_method; content:"/giga.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865670/; classtype:trojan-activity;sid:84728770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865665/; classtype:trojan-activity;sid:84728765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865666)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865666/; classtype:trojan-activity;sid:84728766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865667)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865667/; classtype:trojan-activity;sid:84728767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865668)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865668/; classtype:trojan-activity;sid:84728768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.28.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865664/; classtype:trojan-activity;sid:84728764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865663)"; flow:established,from_client; content:"GET"; http_method; content:"/f1239b7b-f498-489f-8cb1-5e59cb73b97e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xupga.daneshkhanevade.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865663/; classtype:trojan-activity;sid:84728763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865662)"; flow:established,from_client; content:"GET"; http_method; content:"/6aeb3b92-1c8f-47cf-a06f-0dcd8a3ee4fa"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"olttywek.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865662/; classtype:trojan-activity;sid:84728762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865661)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ebf243bc-c2a1-42c7-91cc-858466a1b7f9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vn3oxoji.readthisintro.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865661/; classtype:trojan-activity;sid:84728761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.168.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865660/; classtype:trojan-activity;sid:84728760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865659)"; flow:established,from_client; content:"GET"; http_method; content:"/2727.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865659/; classtype:trojan-activity;sid:84728759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865658/; classtype:trojan-activity;sid:84728758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865657)"; flow:established,from_client; content:"GET"; http_method; content:"/j0yh-keux-j9id-2i7m/img_g0awhq.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865657/; classtype:trojan-activity;sid:84728757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865656)"; flow:established,from_client; content:"GET"; http_method; content:"/ydbbt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865656/; classtype:trojan-activity;sid:84728756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.222.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865655/; classtype:trojan-activity;sid:84728755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865654)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865654/; classtype:trojan-activity;sid:84728754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.31.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865652/; classtype:trojan-activity;sid:84728752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865653)"; flow:established,from_client; content:"GET"; http_method; content:"/csic_resolucion_2026.iso"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"csic-gob-es.netlify.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865653/; classtype:trojan-activity;sid:84728753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.87.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865651/; classtype:trojan-activity;sid:84728751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.246.97.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865650/; classtype:trojan-activity;sid:84728750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.147.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865649/; classtype:trojan-activity;sid:84728749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865648)"; flow:established,from_client; content:"GET"; http_method; content:"/eb025328-390c-4526-b012-e87f234003c7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uaxjdnjn.tarikhravannovin.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865648/; classtype:trojan-activity;sid:84728748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865647)"; flow:established,from_client; content:"GET"; http_method; content:"/6b5bfb97-ed26-4f7e-af8a-6bdba045405f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"anxjzoez.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865647/; classtype:trojan-activity;sid:84728747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.10.132.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865646/; classtype:trojan-activity;sid:84728746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.80.239.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865645/; classtype:trojan-activity;sid:84728745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865644/; classtype:trojan-activity;sid:84728744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.87.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865643/; classtype:trojan-activity;sid:84728743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865642/; classtype:trojan-activity;sid:84728742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865641)"; flow:established,from_client; content:"GET"; http_method; content:"/4ec13303-f558-4347-9375-8e01aea8e332"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vwdpxdo.shartmag.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865641/; classtype:trojan-activity;sid:84728741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.140.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865640/; classtype:trojan-activity;sid:84728740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.147.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865639/; classtype:trojan-activity;sid:84728739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865638)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_aed6ea95133acdd2.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865638/; classtype:trojan-activity;sid:84728738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.65.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865637/; classtype:trojan-activity;sid:84728737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.80.239.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865636/; classtype:trojan-activity;sid:84728736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865635)"; flow:established,from_client; content:"GET"; http_method; content:"/7e4daaae-e247-4ab2-b275-bbf6754737d8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wlqmmlhp.sazebetonarme.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865635/; classtype:trojan-activity;sid:84728735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865634/; classtype:trojan-activity;sid:84728734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865633)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2eadd596-2f96-4901-a064-a1425d678beb"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vue0sabv.vanatarsim.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865633/; classtype:trojan-activity;sid:84728733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.31.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865632/; classtype:trojan-activity;sid:84728732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865631/; classtype:trojan-activity;sid:84728731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.246.97.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865630/; classtype:trojan-activity;sid:84728730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.14.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865629/; classtype:trojan-activity;sid:84728729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865628)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e6b90f30-596d-461e-9392-eb4c8ece8a1e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3hjfke61.usoleamoozesh.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865628/; classtype:trojan-activity;sid:84728728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865627)"; flow:established,from_client; content:"GET"; http_method; content:"/385fed85-99a7-48c6-acd2-73f6c92c60ae"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pgfor.bookdrive.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865627/; classtype:trojan-activity;sid:84728727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865626)"; flow:established,from_client; content:"GET"; http_method; content:"/9f22f8de-61de-421c-8bb2-2567f1bb2278"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bzdujmed.sazebetonarme.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865626/; classtype:trojan-activity;sid:84728726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865625)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"atom.freehosting.dev"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865625/; classtype:trojan-activity;sid:84728725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/payload.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"inini.kesug.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865623/; classtype:trojan-activity;sid:84728723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865624)"; flow:established,from_client; content:"GET"; http_method; content:"/mort.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"atom.freehosting.dev"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865624/; classtype:trojan-activity;sid:84728724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865622)"; flow:established,from_client; content:"GET"; http_method; content:"/ryo.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ryo.gamer.free"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865622/; classtype:trojan-activity;sid:84728722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865621)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ryo.gamer.free"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865621/; classtype:trojan-activity;sid:84728721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865620)"; flow:established,from_client; content:"GET"; http_method; content:"/mort.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ryo.gamer.free"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865620/; classtype:trojan-activity;sid:84728720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.198.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865619/; classtype:trojan-activity;sid:84728719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865618)"; flow:established,from_client; content:"GET"; http_method; content:"/188/verygoodprojectwithbestpersonforme.hta"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"185.239.237.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865618/; classtype:trojan-activity;sid:84728718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865617)"; flow:established,from_client; content:"GET"; http_method; content:"/123/weneedbestdevilsystemforbettertogetback.js"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"172.245.195.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865617/; classtype:trojan-activity;sid:84728717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865616)"; flow:established,from_client; content:"GET"; http_method; content:"/123/dc/bestwishesfromthebetterplacescomingforme.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"172.245.195.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865616/; classtype:trojan-activity;sid:84728716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865615)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260125201218.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohii.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865615/; classtype:trojan-activity;sid:84728715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865614)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260119201656.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohii.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865614/; classtype:trojan-activity;sid:84728714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865613)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260121203056.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohii.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865613/; classtype:trojan-activity;sid:84728713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865612)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260121231222.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohii.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865612/; classtype:trojan-activity;sid:84728712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865607)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260121203031.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohii.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865607/; classtype:trojan-activity;sid:84728707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865608)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260119201625.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohii.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865608/; classtype:trojan-activity;sid:84728708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865609)"; flow:established,from_client; content:"GET"; http_method; content:"/arquivo_20260120171855.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"ohii.42web.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865609/; classtype:trojan-activity;sid:84728709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865610)"; flow:established,from_client; content:"GET"; http_method; content:"/80/ce/givemebestthingsforbetterplaceigiven.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"192.227.135.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865610/; classtype:trojan-activity;sid:84728710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865611)"; flow:established,from_client; content:"GET"; http_method; content:"/80/bestangelkindsbreakbackmebestformebetter.js"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"192.227.135.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865611/; classtype:trojan-activity;sid:84728711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865606)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"uni.site.je"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865606/; classtype:trojan-activity;sid:84728706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865605)"; flow:established,from_client; content:"GET"; http_method; content:"/mort.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"uni.site.je"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865605/; classtype:trojan-activity;sid:84728705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.88.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865604/; classtype:trojan-activity;sid:84728704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865603)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"96.44.167.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865603/; classtype:trojan-activity;sid:84728703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865602)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img_000258.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.172.100.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865602/; classtype:trojan-activity;sid:84728702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865598)"; flow:established,from_client; content:"GET"; http_method; content:"/158/img_202926.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"23.95.103.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865598/; classtype:trojan-activity;sid:84728698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865599)"; flow:established,from_client; content:"GET"; http_method; content:"/160/img_205651.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.245.209.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865599/; classtype:trojan-activity;sid:84728699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865600)"; flow:established,from_client; content:"GET"; http_method; content:"/92/img_054420.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"209.54.103.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865600/; classtype:trojan-activity;sid:84728700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865601)"; flow:established,from_client; content:"GET"; http_method; content:"/45/img_211613.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.3.140.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865601/; classtype:trojan-activity;sid:84728701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865597)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img_194403.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"82.223.139.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865597/; classtype:trojan-activity;sid:84728697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865591)"; flow:established,from_client; content:"GET"; http_method; content:"/222/mastermindworkingforbestskilldevelopments.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"82.223.139.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865591/; classtype:trojan-activity;sid:84728691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865592)"; flow:established,from_client; content:"GET"; http_method; content:"/30/verygreatchanceforbetterperformancecomingtoa.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"144.172.100.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865592/; classtype:trojan-activity;sid:84728692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865593)"; flow:established,from_client; content:"GET"; http_method; content:"/158/goodtingswithbeststylingevermadefor.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"23.95.103.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865593/; classtype:trojan-activity;sid:84728693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865594)"; flow:established,from_client; content:"GET"; http_method; content:"/45/greatthingsfromthebestfeeelingscomingthrough.hta"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"192.3.140.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865594/; classtype:trojan-activity;sid:84728694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865595)"; flow:established,from_client; content:"GET"; http_method; content:"/160/goodpeoplesaroundonmewhobestfor.hta"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"172.245.209.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865595/; classtype:trojan-activity;sid:84728695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865596)"; flow:established,from_client; content:"GET"; http_method; content:"/92/wegivebestchoiceformebetterwaysgoodforme.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"209.54.103.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865596/; classtype:trojan-activity;sid:84728696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.88.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865590/; classtype:trojan-activity;sid:84728690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.198.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865589/; classtype:trojan-activity;sid:84728689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865588)"; flow:established,from_client; content:"GET"; http_method; content:"/bost.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"oamorprevalece.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865588/; classtype:trojan-activity;sid:84728688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865587/; classtype:trojan-activity;sid:84728687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865586)"; flow:established,from_client; content:"GET"; http_method; content:"/48c3b267-7aad-47d7-ac1c-caefafa092c3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oisapmtg.sanjeshvaandazegiri.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865586/; classtype:trojan-activity;sid:84728686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865585)"; flow:established,from_client; content:"GET"; http_method; content:"/homeplus/rmmclient.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"11032026sver.blob.core.windows.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865585/; classtype:trojan-activity;sid:84728685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.201.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865584/; classtype:trojan-activity;sid:84728684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.201.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865583/; classtype:trojan-activity;sid:84728683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.201.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865582/; classtype:trojan-activity;sid:84728682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.122.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865581/; classtype:trojan-activity;sid:84728681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865580)"; flow:established,from_client; content:"GET"; http_method; content:"/54cc503e-1015-4e29-b3ce-a7f4325c6a3e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vodzlbpi.sanjeshravani.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865580/; classtype:trojan-activity;sid:84728680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865578)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865578/; classtype:trojan-activity;sid:84728678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865579)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865579/; classtype:trojan-activity;sid:84728679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865577)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865577/; classtype:trojan-activity;sid:84728677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865576)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865576/; classtype:trojan-activity;sid:84728676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865573)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865573/; classtype:trojan-activity;sid:84728673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865574)"; flow:established,from_client; content:"GET"; http_method; content:"/arc_eb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865574/; classtype:trojan-activity;sid:84728674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865575)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865575/; classtype:trojan-activity;sid:84728675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865571)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865571/; classtype:trojan-activity;sid:84728671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865572/; classtype:trojan-activity;sid:84728672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865568)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865568/; classtype:trojan-activity;sid:84728668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865569)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865569/; classtype:trojan-activity;sid:84728669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865570)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"dnsduc1k.duckdns.org"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865570/; classtype:trojan-activity;sid:84728670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865565)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865565/; classtype:trojan-activity;sid:84728665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865566)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865566/; classtype:trojan-activity;sid:84728666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865567)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865567/; classtype:trojan-activity;sid:84728667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865561)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865561/; classtype:trojan-activity;sid:84728661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865562)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865562/; classtype:trojan-activity;sid:84728662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865563)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865563/; classtype:trojan-activity;sid:84728663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865564)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865564/; classtype:trojan-activity;sid:84728664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865560)"; flow:established,from_client; content:"GET"; http_method; content:"/tracesphere"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hitechbars.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865560/; classtype:trojan-activity;sid:84728660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865559)"; flow:established,from_client; content:"GET"; http_method; content:"/store/details/apps/app-id%3f=live.chat.android/"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"freeapphub.tech"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865559/; classtype:trojan-activity;sid:84728659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865558)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img_192010.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"144.172.100.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865558/; classtype:trojan-activity;sid:84728658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865557)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865557/; classtype:trojan-activity;sid:84728657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865556)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865556/; classtype:trojan-activity;sid:84728656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865552)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865552/; classtype:trojan-activity;sid:84728652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865553)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865553/; classtype:trojan-activity;sid:84728653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865554)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc-440fp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865554/; classtype:trojan-activity;sid:84728654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865555)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865555/; classtype:trojan-activity;sid:84728655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865551)"; flow:established,from_client; content:"GET"; http_method; content:"/painbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"christophercheung.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865551/; classtype:trojan-activity;sid:84728651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.53.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865550/; classtype:trojan-activity;sid:84728650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865548)"; flow:established,from_client; content:"GET"; http_method; content:"/demobilis.qxd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s-medicus.si"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865548/; classtype:trojan-activity;sid:84728648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865549)"; flow:established,from_client; content:"GET"; http_method; content:"/qwkkpyxidpluydrzcfiy215.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"s-medicus.si"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865549/; classtype:trojan-activity;sid:84728649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.114.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865547/; classtype:trojan-activity;sid:84728647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865539)"; flow:established,from_client; content:"GET"; http_method; content:"/painbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865539/; classtype:trojan-activity;sid:84728639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865540)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865540/; classtype:trojan-activity;sid:84728640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865541)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865541/; classtype:trojan-activity;sid:84728641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865542)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865542/; classtype:trojan-activity;sid:84728642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865543)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865543/; classtype:trojan-activity;sid:84728643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865544)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc-440fp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865544/; classtype:trojan-activity;sid:84728644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865545)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865545/; classtype:trojan-activity;sid:84728645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865546)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865546/; classtype:trojan-activity;sid:84728646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865538)"; flow:established,from_client; content:"GET"; http_method; content:"/l458qw.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865538/; classtype:trojan-activity;sid:84728638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865537)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865537/; classtype:trojan-activity;sid:84728637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865530)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865530/; classtype:trojan-activity;sid:84728630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865531)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865531/; classtype:trojan-activity;sid:84728631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865532)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865532/; classtype:trojan-activity;sid:84728632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865533)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865533/; classtype:trojan-activity;sid:84728633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865534)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865534/; classtype:trojan-activity;sid:84728634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865535)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865535/; classtype:trojan-activity;sid:84728635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865536)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"89.33.192.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865536/; classtype:trojan-activity;sid:84728636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865529)"; flow:established,from_client; content:"GET"; http_method; content:"/50dd4b25-5ef5-4369-9b29-3d1834ed2528"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mxmzjcfl.sakhtemandade.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865529/; classtype:trojan-activity;sid:84728629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865528/; classtype:trojan-activity;sid:84728628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865527)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=53550459-f8d6-4b71-9d7e-707e380e1080"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"247x0t94.vajename.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865527/; classtype:trojan-activity;sid:84728627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865526)"; flow:established,from_client; content:"GET"; http_method; content:"/e0cb7604-5541-4381-b3a1-8c0e45f41f8c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kxgzi.barnamenevisi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865526/; classtype:trojan-activity;sid:84728626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.241.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865525/; classtype:trojan-activity;sid:84728625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865524/; classtype:trojan-activity;sid:84728624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.237.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865523/; classtype:trojan-activity;sid:84728623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.130.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865522/; classtype:trojan-activity;sid:84728622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865521)"; flow:established,from_client; content:"GET"; http_method; content:"/318ee567-fca7-4260-a70b-18d35b6301b3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"trwqprv.shartmag.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865521/; classtype:trojan-activity;sid:84728621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.79.160.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865520/; classtype:trojan-activity;sid:84728620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865519)"; flow:established,from_client; content:"GET"; http_method; content:"/a8ed8c90-1451-4ea4-830b-22deb6af25bf"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zgdpxwcq.sadreislam.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865519/; classtype:trojan-activity;sid:84728619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.233.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865518/; classtype:trojan-activity;sid:84728618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.225.189.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865517/; classtype:trojan-activity;sid:84728617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865514)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865514/; classtype:trojan-activity;sid:84728614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865515)"; flow:established,from_client; content:"GET"; http_method; content:"/arc_eb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865515/; classtype:trojan-activity;sid:84728615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865516)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865516/; classtype:trojan-activity;sid:84728616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865513)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865513/; classtype:trojan-activity;sid:84728613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865512)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865512/; classtype:trojan-activity;sid:84728612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.18.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865511/; classtype:trojan-activity;sid:84728611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865506)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865506/; classtype:trojan-activity;sid:84728606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865507)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865507/; classtype:trojan-activity;sid:84728607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865508)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865508/; classtype:trojan-activity;sid:84728608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865509)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865509/; classtype:trojan-activity;sid:84728609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865510)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865510/; classtype:trojan-activity;sid:84728610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865505)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865505/; classtype:trojan-activity;sid:84728605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.39.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865504/; classtype:trojan-activity;sid:84728604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.15.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865503/; classtype:trojan-activity;sid:84728603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865502/; classtype:trojan-activity;sid:84728602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.130.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865501/; classtype:trojan-activity;sid:84728601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865500/; classtype:trojan-activity;sid:84728600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.237.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865499/; classtype:trojan-activity;sid:84728599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865498/; classtype:trojan-activity;sid:84728598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.39.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865497/; classtype:trojan-activity;sid:84728597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.106.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865496/; classtype:trojan-activity;sid:84728596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.225.189.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865495/; classtype:trojan-activity;sid:84728595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.190.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865494/; classtype:trojan-activity;sid:84728594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865493)"; flow:established,from_client; content:"GET"; http_method; content:"/6eb0bf85-222e-4464-89eb-488b829e0b31"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jyheezbl.questionsmotor.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865493/; classtype:trojan-activity;sid:84728593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.190.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865492/; classtype:trojan-activity;sid:84728592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.251.180.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865491/; classtype:trojan-activity;sid:84728591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.172.112.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865489/; classtype:trojan-activity;sid:84728589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"23.172.112.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865490/; classtype:trojan-activity;sid:84728590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.251.180.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865488/; classtype:trojan-activity;sid:84728588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.251.180.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865487/; classtype:trojan-activity;sid:84728587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.252.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865486/; classtype:trojan-activity;sid:84728586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865485)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=45e4c940-0c1d-402d-8842-219679c54bbc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ofe3x2gn.tractor11.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865485/; classtype:trojan-activity;sid:84728585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.18.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865484/; classtype:trojan-activity;sid:84728584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.178.234.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865483/; classtype:trojan-activity;sid:84728583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.99.249.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865482/; classtype:trojan-activity;sid:84728582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865481)"; flow:established,from_client; content:"GET"; http_method; content:"/dfdfe7b0-e47b-4c8a-aee4-1a7903e88a85"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xoqlqpdb.psgnewsiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865481/; classtype:trojan-activity;sid:84728581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865480/; classtype:trojan-activity;sid:84728580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.184.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865479/; classtype:trojan-activity;sid:84728579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.223.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865478/; classtype:trojan-activity;sid:84728578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.233.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865477/; classtype:trojan-activity;sid:84728577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865476)"; flow:established,from_client; content:"GET"; http_method; content:"/26f9cf78-585c-4738-b063-61e73d0ff2aa"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cnuwz.bankefile.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865476/; classtype:trojan-activity;sid:84728576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.22.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865475/; classtype:trojan-activity;sid:84728575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865473)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/ljigvpa.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865473/; classtype:trojan-activity;sid:84728573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865474)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/98r4axa.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865474/; classtype:trojan-activity;sid:84728574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865472)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/16sas.jpg"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.60.226.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865472/; classtype:trojan-activity;sid:84728572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865471)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9af44f52-4726-4795-a74d-97e4e3e9097d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"tuwlc2yd.hesabdarinoravesh.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865471/; classtype:trojan-activity;sid:84728571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865470/; classtype:trojan-activity;sid:84728570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.178.234.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865469/; classtype:trojan-activity;sid:84728569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865468)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4c8aa62c-e6c9-49db-8398-0e21b418b607"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3kh6tu2u.shimiumumi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865468/; classtype:trojan-activity;sid:84728568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865466)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.221.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865466/; classtype:trojan-activity;sid:84728566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865467)"; flow:established,from_client; content:"GET"; http_method; content:"/31399b99-f7ac-4828-9965-1997e3c2b497"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nglrdgbx.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865467/; classtype:trojan-activity;sid:84728567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.223.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865465/; classtype:trojan-activity;sid:84728565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.44.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865464/; classtype:trojan-activity;sid:84728564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.186.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865463/; classtype:trojan-activity;sid:84728563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.172.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865462/; classtype:trojan-activity;sid:84728562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.233.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865461/; classtype:trojan-activity;sid:84728561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.106.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865460/; classtype:trojan-activity;sid:84728560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.184.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865459/; classtype:trojan-activity;sid:84728559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.92.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865458/; classtype:trojan-activity;sid:84728558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.187.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865457/; classtype:trojan-activity;sid:84728557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865456/; classtype:trojan-activity;sid:84728556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.187.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865454/; classtype:trojan-activity;sid:84728554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.44.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865455/; classtype:trojan-activity;sid:84728555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865453)"; flow:established,from_client; content:"GET"; http_method; content:"/190f9728-a029-4f9c-bb9e-b12763537313"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nnozsfst.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865453/; classtype:trojan-activity;sid:84728553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.63.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865452/; classtype:trojan-activity;sid:84728552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.92.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865451/; classtype:trojan-activity;sid:84728551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.83.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865450/; classtype:trojan-activity;sid:84728550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.216.226.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865449/; classtype:trojan-activity;sid:84728549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.195.238.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865448/; classtype:trojan-activity;sid:84728548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.208.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865447/; classtype:trojan-activity;sid:84728547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865446)"; flow:established,from_client; content:"GET"; http_method; content:"/bac56586-74a4-48ba-ba3f-87363c5ca447"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ckvcsacd.mechanicsayalat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865446/; classtype:trojan-activity;sid:84728546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.188.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865445/; classtype:trojan-activity;sid:84728545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.140.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865444/; classtype:trojan-activity;sid:84728544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865443/; classtype:trojan-activity;sid:84728543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.161.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865442/; classtype:trojan-activity;sid:84728542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865441)"; flow:established,from_client; content:"GET"; http_method; content:"/2362c405-bafa-4d38-9fd0-d12e00701dae"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"atsvv.bankefiile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865441/; classtype:trojan-activity;sid:84728541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865440)"; flow:established,from_client; content:"GET"; http_method; content:"/adminme.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"baileyemas.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865440/; classtype:trojan-activity;sid:84728540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865439)"; flow:established,from_client; content:"GET"; http_method; content:"/xw/phan.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"project-vendors.icu"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865439/; classtype:trojan-activity;sid:84728539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865438)"; flow:established,from_client; content:"GET"; http_method; content:"/kononiazclient.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865438/; classtype:trojan-activity;sid:84728538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865437/; classtype:trojan-activity;sid:84728537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"kaza.com.hk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865436/; classtype:trojan-activity;sid:84728536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865432)"; flow:established,from_client; content:"GET"; http_method; content:"/msi.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"141.11.17.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865432/; classtype:trojan-activity;sid:84728532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865433)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"hispergen7.vercel.app"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865433/; classtype:trojan-activity;sid:84728533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865434)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_erqr2x.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865434/; classtype:trojan-activity;sid:84728534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865435)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_59g3bb.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865435/; classtype:trojan-activity;sid:84728535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865427)"; flow:established,from_client; content:"GET"; http_method; content:"/6gwe-ua1t-tl5x-34yn/img_9b7fhy.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865427/; classtype:trojan-activity;sid:84728527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865428)"; flow:established,from_client; content:"GET"; http_method; content:"/public/2026-06-12/2f91377d-496a-4fe6-afee-5db4c42f0e79/3rrrrrcsd443r4r.png"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"d4.tfdl.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865428/; classtype:trojan-activity;sid:84728528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865429)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pub-3c115a3c8fe545f6b4433ab278003674.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865429/; classtype:trojan-activity;sid:84728529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865430)"; flow:established,from_client; content:"GET"; http_method; content:"/file/1urakt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"as.al"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865430/; classtype:trojan-activity;sid:84728530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865431)"; flow:established,from_client; content:"GET"; http_method; content:"/public/2026-06-12/2f91377d-496a-4fe6-afee-5db4c42f0e79/3rrrrrcsd443r4r.png"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"d4.tfdl.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865431/; classtype:trojan-activity;sid:84728531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865422)"; flow:established,from_client; content:"GET"; http_method; content:"/yxzkk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865422/; classtype:trojan-activity;sid:84728522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865423)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_w4spnf.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865423/; classtype:trojan-activity;sid:84728523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865424)"; flow:established,from_client; content:"GET"; http_method; content:"/uawix"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865424/; classtype:trojan-activity;sid:84728524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865425)"; flow:established,from_client; content:"GET"; http_method; content:"/bybts"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865425/; classtype:trojan-activity;sid:84728525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865426)"; flow:established,from_client; content:"GET"; http_method; content:"/ydmdx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865426/; classtype:trojan-activity;sid:84728526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865419)"; flow:established,from_client; content:"GET"; http_method; content:"/n64y-jvb2-wt8x-cri7/img_0wdo83.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865419/; classtype:trojan-activity;sid:84728519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865420)"; flow:established,from_client; content:"GET"; http_method; content:"/jsptg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865420/; classtype:trojan-activity;sid:84728520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865421)"; flow:established,from_client; content:"GET"; http_method; content:"/file/kbn1rc/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"as.al"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865421/; classtype:trojan-activity;sid:84728521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865418)"; flow:established,from_client; content:"GET"; http_method; content:"/hcofi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865418/; classtype:trojan-activity;sid:84728518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865414)"; flow:established,from_client; content:"GET"; http_method; content:"/hjjag"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865414/; classtype:trojan-activity;sid:84728514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865415)"; flow:established,from_client; content:"GET"; http_method; content:"/pomcp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865415/; classtype:trojan-activity;sid:84728515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865416)"; flow:established,from_client; content:"GET"; http_method; content:"/nvmru"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865416/; classtype:trojan-activity;sid:84728516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865417)"; flow:established,from_client; content:"GET"; http_method; content:"/ysxpq/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865417/; classtype:trojan-activity;sid:84728517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865410)"; flow:established,from_client; content:"GET"; http_method; content:"/exixj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865410/; classtype:trojan-activity;sid:84728510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865411)"; flow:established,from_client; content:"GET"; http_method; content:"/gphrw/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865411/; classtype:trojan-activity;sid:84728511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865412)"; flow:established,from_client; content:"GET"; http_method; content:"/ysxpq"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865412/; classtype:trojan-activity;sid:84728512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865413)"; flow:established,from_client; content:"GET"; http_method; content:"/n64y-jvb2-wt8x-cri7/img_k3ilz3.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865413/; classtype:trojan-activity;sid:84728513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865408)"; flow:established,from_client; content:"GET"; http_method; content:"/govwh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865408/; classtype:trojan-activity;sid:84728508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865409)"; flow:established,from_client; content:"GET"; http_method; content:"/public/2026-06-10/cbabda62-8ec8-468c-8988-c6c2f89233f4/5666666444444444444.png"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"d7.tfdl.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865409/; classtype:trojan-activity;sid:84728509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865406)"; flow:established,from_client; content:"GET"; http_method; content:"/pgkcx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865406/; classtype:trojan-activity;sid:84728506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865407)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msinew.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"pub-3c115a3c8fe545f6b4433ab278003674.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865407/; classtype:trojan-activity;sid:84728507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865405)"; flow:established,from_client; content:"GET"; http_method; content:"/tyimg/m4vmowx7.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"r2.image-upload.app"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865405/; classtype:trojan-activity;sid:84728505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865404)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads:80"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865404/; classtype:trojan-activity;sid:84728504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865402)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_224605.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"start.billy-surveys.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865402/; classtype:trojan-activity;sid:84728502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865403)"; flow:established,from_client; content:"GET"; http_method; content:"/jahaha.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865403/; classtype:trojan-activity;sid:84728503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865401)"; flow:established,from_client; content:"GET"; http_method; content:"/opti12_msi.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"canigrup.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865401/; classtype:trojan-activity;sid:84728501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865400)"; flow:established,from_client; content:"GET"; http_method; content:"/img/1.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865400/; classtype:trojan-activity;sid:84728500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865399)"; flow:established,from_client; content:"GET"; http_method; content:"/svdsdadsad/vcxv/raw/0878bd481def8e71bb56b5f565d625a755d00281/1.jpg/"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865399/; classtype:trojan-activity;sid:84728499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865398)"; flow:established,from_client; content:"GET"; http_method; content:"/ovrtw"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865398/; classtype:trojan-activity;sid:84728498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.96.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865394/; classtype:trojan-activity;sid:84728494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865395)"; flow:established,from_client; content:"GET"; http_method; content:"/eaevuhuj/1.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"payables-deposit.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865395/; classtype:trojan-activity;sid:84728495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"161.8.192.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865396/; classtype:trojan-activity;sid:84728496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865397)"; flow:established,from_client; content:"GET"; http_method; content:"/sqxoi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865397/; classtype:trojan-activity;sid:84728497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865392)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmnaxfqzwk4xa3p94a8ug5gte97bqr8uua87jedapkvcdk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"basic-blue-shrew.myfilebase.com"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865392/; classtype:trojan-activity;sid:84728492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865393)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmnaxfqzwk4xa3p94a8ug5gte97bqr8uua87jedapkvcdk"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"arbitrary-chocolate-tiglon.myfilebase.com"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865393/; classtype:trojan-activity;sid:84728493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865387)"; flow:established,from_client; content:"GET"; http_method; content:"/svdsdadsad/vcxv/raw/0878bd481def8e71bb56b5f565d625a755d00281/1.jpg"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865387/; classtype:trojan-activity;sid:84728487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865388)"; flow:established,from_client; content:"GET"; http_method; content:"/svdsdadsad/vcxv/raw/0878bd481def8e71bb56b5f565d625a755d00281/1.jpg/"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865388/; classtype:trojan-activity;sid:84728488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865389)"; flow:established,from_client; content:"GET"; http_method; content:"/ghkjkghlkgl/ghf/downloads/2.jpg"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865389/; classtype:trojan-activity;sid:84728489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865390)"; flow:established,from_client; content:"GET"; http_method; content:"/file/kbn1rc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"as.al"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865390/; classtype:trojan-activity;sid:84728490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865391)"; flow:established,from_client; content:"GET"; http_method; content:"/mywtestwusbect/hfghfgdfgdfg/downloads/3.jpg"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865391/; classtype:trojan-activity;sid:84728491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865386)"; flow:established,from_client; content:"GET"; http_method; content:"/1.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"nanshiin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865386/; classtype:trojan-activity;sid:84728486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865384)"; flow:established,from_client; content:"GET"; http_method; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-x86_64-static"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865384/; classtype:trojan-activity;sid:84728484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865385)"; flow:established,from_client; content:"GET"; http_method; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-i686-static"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865385/; classtype:trojan-activity;sid:84728485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865383)"; flow:established,from_client; content:"GET"; http_method; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-armv7-static"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865383/; classtype:trojan-activity;sid:84728483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865382)"; flow:established,from_client; content:"GET"; http_method; content:"/benoitdaude/abcdyuosd/refs/heads/main/xmrig-aarch64-static"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865382/; classtype:trojan-activity;sid:84728482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865381)"; flow:established,from_client; content:"GET"; http_method; content:"/04124a0d-a580-4e77-8f5f-78c763c8e626"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gafaiyfx.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865381/; classtype:trojan-activity;sid:84728481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.188.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865380/; classtype:trojan-activity;sid:84728480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865379)"; flow:established,from_client; content:"GET"; http_method; content:"/takvwrbg/60qyhhndgneaj0t.ps1"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"panel.contactstellarsteel.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865379/; classtype:trojan-activity;sid:84728479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.192.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865377/; classtype:trojan-activity;sid:84728477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.34.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865378/; classtype:trojan-activity;sid:84728478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865376)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5cd4b8e1-1b5d-4b82-8b29-7e64acbfbbcf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"p75su278.shimiskoog.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865376/; classtype:trojan-activity;sid:84728476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.142.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865375/; classtype:trojan-activity;sid:84728475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.192.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865374/; classtype:trojan-activity;sid:84728474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.208.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865373/; classtype:trojan-activity;sid:84728473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.34.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865372/; classtype:trojan-activity;sid:84728472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865371)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=21629b65-d49b-45f9-bc6c-b6b33d74caaa"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4nhtw4lz.testranandegi.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865371/; classtype:trojan-activity;sid:84728471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865370)"; flow:established,from_client; content:"GET"; http_method; content:"/330a83b6-8afb-4c61-8fde-2d69a5401530"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zsmhobv.shartmag.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865370/; classtype:trojan-activity;sid:84728470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865369)"; flow:established,from_client; content:"GET"; http_method; content:"/8808fdaa-ebe6-43d7-b7b6-f01f4d0d1f00"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qvwjatwu.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865369/; classtype:trojan-activity;sid:84728469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.167.224.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865368/; classtype:trojan-activity;sid:84728468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.118.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865367/; classtype:trojan-activity;sid:84728467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.252.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865366/; classtype:trojan-activity;sid:84728466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.28.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865365/; classtype:trojan-activity;sid:84728465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865364)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/theme-compat/nvfexht/uandeso/plftkrv/stuba.ps1"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"hikmah69.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865364/; classtype:trojan-activity;sid:84728464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.114.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865362/; classtype:trojan-activity;sid:84728462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.198.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865363/; classtype:trojan-activity;sid:84728463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.225"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865360/; classtype:trojan-activity;sid:84728460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.123.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865361/; classtype:trojan-activity;sid:84728461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865359)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vf9glqftpdx5fvmlq2tkcuqqcabgtrip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865359/; classtype:trojan-activity;sid:84728459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865353)"; flow:established,from_client; content:"GET"; http_method; content:"/202/goodthingsarebestbetterwayscomingforu.vbs"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"172.245.209.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865353/; classtype:trojan-activity;sid:84728453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865354)"; flow:established,from_client; content:"GET"; http_method; content:"/media"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865354/; classtype:trojan-activity;sid:84728454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865355)"; flow:established,from_client; content:"GET"; http_method; content:"/rmuga"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865355/; classtype:trojan-activity;sid:84728455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865356)"; flow:established,from_client; content:"GET"; http_method; content:"/zxsrm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865356/; classtype:trojan-activity;sid:84728456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865357)"; flow:established,from_client; content:"GET"; http_method; content:"/zacaj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865357/; classtype:trojan-activity;sid:84728457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865358)"; flow:established,from_client; content:"GET"; http_method; content:"/obhny"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865358/; classtype:trojan-activity;sid:84728458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865351)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w662dmwoiyoqus7xyz20uxmcq6qxmu2a"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865351/; classtype:trojan-activity;sid:84728451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865352)"; flow:established,from_client; content:"GET"; http_method; content:"/cajkj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865352/; classtype:trojan-activity;sid:84728452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865350)"; flow:established,from_client; content:"GET"; http_method; content:"/dwqmnwqgr/image/upload/v1781492836/img_200538_ves2mj.jpg"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"res.cloudinary.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865350/; classtype:trojan-activity;sid:84728450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865349)"; flow:established,from_client; content:"GET"; http_method; content:"/ebzwgqky/pk.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"miki-visitasia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865349/; classtype:trojan-activity;sid:84728449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865348)"; flow:established,from_client; content:"GET"; http_method; content:"/42046ea3-82a0-40c9-b998-a24e3a24bece"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"naqsigxg.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865348/; classtype:trojan-activity;sid:84728448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.252.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865347/; classtype:trojan-activity;sid:84728447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865341)"; flow:established,from_client; content:"GET"; http_method; content:"/gphrw"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865341/; classtype:trojan-activity;sid:84728441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865342)"; flow:established,from_client; content:"GET"; http_method; content:"/zpehh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865342/; classtype:trojan-activity;sid:84728442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865343)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdra"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865343/; classtype:trojan-activity;sid:84728443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865344)"; flow:established,from_client; content:"GET"; http_method; content:"/ymxmd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865344/; classtype:trojan-activity;sid:84728444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865345)"; flow:established,from_client; content:"GET"; http_method; content:"/.bitcoin/wallet.dat"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865345/; classtype:trojan-activity;sid:84728445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865346)"; flow:established,from_client; content:"GET"; http_method; content:"/hrrtu"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865346/; classtype:trojan-activity;sid:84728446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865337)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/05/simple.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865337/; classtype:trojan-activity;sid:84728437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865338)"; flow:established,from_client; content:"GET"; http_method; content:"/tblpv"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865338/; classtype:trojan-activity;sid:84728438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865339)"; flow:established,from_client; content:"GET"; http_method; content:"/ioacm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865339/; classtype:trojan-activity;sid:84728439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865340)"; flow:established,from_client; content:"GET"; http_method; content:"/zdpmn"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865340/; classtype:trojan-activity;sid:84728440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865336)"; flow:established,from_client; content:"GET"; http_method; content:"/dncrp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865336/; classtype:trojan-activity;sid:84728436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865335)"; flow:established,from_client; content:"GET"; http_method; content:"/oslap"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865335/; classtype:trojan-activity;sid:84728435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865330)"; flow:established,from_client; content:"GET"; http_method; content:"/qmvaz"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865330/; classtype:trojan-activity;sid:84728430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865331)"; flow:established,from_client; content:"GET"; http_method; content:"/xiyks"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865331/; classtype:trojan-activity;sid:84728431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865332)"; flow:established,from_client; content:"GET"; http_method; content:"/ysxpq2c20https3a/pub-ce02802067934e0eb072f69bf6427bf6.r2.dev/"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865332/; classtype:trojan-activity;sid:84728432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865333)"; flow:established,from_client; content:"GET"; http_method; content:"/nxpkj"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865333/; classtype:trojan-activity;sid:84728433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865334)"; flow:established,from_client; content:"GET"; http_method; content:"/mrvnd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865334/; classtype:trojan-activity;sid:84728434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.118.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865329/; classtype:trojan-activity;sid:84728429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865328)"; flow:established,from_client; content:"GET"; http_method; content:"/ad49dd4b-b522-4518-a211-f396232dd5d5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mnzrz.azmoonzare.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865328/; classtype:trojan-activity;sid:84728428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865327/; classtype:trojan-activity;sid:84728427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865326/; classtype:trojan-activity;sid:84728426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865325)"; flow:established,from_client; content:"GET"; http_method; content:"/coraline_4.7.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"coraline.work"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865325/; classtype:trojan-activity;sid:84728425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865322/; classtype:trojan-activity;sid:84728422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.166.107.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865323/; classtype:trojan-activity;sid:84728423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.176.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865324/; classtype:trojan-activity;sid:84728424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865321)"; flow:established,from_client; content:"GET"; http_method; content:"/dx.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"holl.microtr.life"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865321/; classtype:trojan-activity;sid:84728421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865320)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"video-vae.vercel.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865320/; classtype:trojan-activity;sid:84728420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.53.152.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865318/; classtype:trojan-activity;sid:84728418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.247.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865319/; classtype:trojan-activity;sid:84728419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865317)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"photo-poisk.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865317/; classtype:trojan-activity;sid:84728417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865312)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"policecontrol2026.vercel.app"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865312/; classtype:trojan-activity;sid:84728412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.35.78.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865313/; classtype:trojan-activity;sid:84728413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.166.188.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865314/; classtype:trojan-activity;sid:84728414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865315)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.79.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865315/; classtype:trojan-activity;sid:84728415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865316)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865316/; classtype:trojan-activity;sid:84728416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865311)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_1bd787051c777547.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865311/; classtype:trojan-activity;sid:84728411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.139.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865310/; classtype:trojan-activity;sid:84728410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.22.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865309/; classtype:trojan-activity;sid:84728409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865308/; classtype:trojan-activity;sid:84728408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.237.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865307/; classtype:trojan-activity;sid:84728407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865306)"; flow:established,from_client; content:"GET"; http_method; content:"/9f5fa02b-3c52-42b3-8947-3138abc7f6cc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zejlnzmy.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865306/; classtype:trojan-activity;sid:84728406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.206.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865305/; classtype:trojan-activity;sid:84728405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865304/; classtype:trojan-activity;sid:84728404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.217.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865303/; classtype:trojan-activity;sid:84728403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.83.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865302/; classtype:trojan-activity;sid:84728402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.141.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865301/; classtype:trojan-activity;sid:84728401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865300)"; flow:established,from_client; content:"GET"; http_method; content:"/5b5da4c0-7d17-41e3-932b-8ce63a6c87f1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hxhqsvdq.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865300/; classtype:trojan-activity;sid:84728400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.11.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865299/; classtype:trojan-activity;sid:84728399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.44.136.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865298/; classtype:trojan-activity;sid:84728398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865297)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b07c0f25-c56c-4039-a605-0459346a69b3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"82a3dcwt.sazehayefooladi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865297/; classtype:trojan-activity;sid:84728397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.44.136.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865296/; classtype:trojan-activity;sid:84728396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.217.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865295/; classtype:trojan-activity;sid:84728395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865294)"; flow:established,from_client; content:"GET"; http_method; content:"/a365ac5d-80d6-4874-be4f-f7776010717e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vtulyasw.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865294/; classtype:trojan-activity;sid:84728394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.47.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865292/; classtype:trojan-activity;sid:84728392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.220.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865293/; classtype:trojan-activity;sid:84728393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.225.37.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865291/; classtype:trojan-activity;sid:84728391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.181.13.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865289/; classtype:trojan-activity;sid:84728389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.55.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865290/; classtype:trojan-activity;sid:84728390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.47.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865288/; classtype:trojan-activity;sid:84728388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865287)"; flow:established,from_client; content:"GET"; http_method; content:"/73adeb87-db7f-4c85-9351-d9b641c68cab"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"klpiy.mabanimashin.site"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865287/; classtype:trojan-activity;sid:84728387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865286)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5cc156b3-5639-47fd-a343-2a41c833fb11"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"i2zev0hr.hesabdarieskandari.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865286/; classtype:trojan-activity;sid:84728386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.211.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865285/; classtype:trojan-activity;sid:84728385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865284)"; flow:established,from_client; content:"GET"; http_method; content:"/8d94cd44-7f7f-468f-aec5-446e19920eb9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tfpypiqq.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865284/; classtype:trojan-activity;sid:84728384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.231.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865283/; classtype:trojan-activity;sid:84728383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.181.13.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865282/; classtype:trojan-activity;sid:84728382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865281/; classtype:trojan-activity;sid:84728381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865280)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e33900b1-19ee-4dab-a850-b0991f543fc7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"et3y84jg.testpaye.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865280/; classtype:trojan-activity;sid:84728380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.183.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865279/; classtype:trojan-activity;sid:84728379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.231.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865278/; classtype:trojan-activity;sid:84728378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865277)"; flow:established,from_client; content:"GET"; http_method; content:"/b87e2b19-f210-4db5-b0c4-f76ebb977dbc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gyrtdqr.shartbandikade.online"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865277/; classtype:trojan-activity;sid:84728377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865276/; classtype:trojan-activity;sid:84728376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.211.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865275/; classtype:trojan-activity;sid:84728375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865274)"; flow:established,from_client; content:"GET"; http_method; content:"/7fc78516-fa84-486f-935e-e9143e81cd1f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ruynyxnj.karafarini.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865274/; classtype:trojan-activity;sid:84728374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.84.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865273/; classtype:trojan-activity;sid:84728373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.74.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865272/; classtype:trojan-activity;sid:84728372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865271)"; flow:established,from_client; content:"GET"; http_method; content:"/233a7382-bfea-4d19-819c-fb64a19dbb52"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cpclyyro.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865271/; classtype:trojan-activity;sid:84728371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865270)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=da9b3973-c16f-4f52-aefa-d9a171dae53d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"l6sa1ldu.ravanshenasisaeedi.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865270/; classtype:trojan-activity;sid:84728370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.74.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865269/; classtype:trojan-activity;sid:84728369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.241.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865268/; classtype:trojan-activity;sid:84728368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865267)"; flow:established,from_client; content:"GET"; http_method; content:"/5824e175-41b8-4c43-b663-642c8a8698ea"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mszrd.mabanieslami2.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865267/; classtype:trojan-activity;sid:84728367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.201.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865266/; classtype:trojan-activity;sid:84728366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.23.100.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865265/; classtype:trojan-activity;sid:84728365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865263)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.136.87.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865263/; classtype:trojan-activity;sid:84728363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.63.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865264/; classtype:trojan-activity;sid:84728364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865262)"; flow:established,from_client; content:"GET"; http_method; content:"/9c260b7a-8b28-4593-af59-20a690d2d14a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nvxwrvxi.tasisathosseini.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865262/; classtype:trojan-activity;sid:84728362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.63.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865261/; classtype:trojan-activity;sid:84728361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.42.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865260/; classtype:trojan-activity;sid:84728360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865259)"; flow:established,from_client; content:"GET"; http_method; content:"/05f6b9a8-639e-432f-867d-0f987be08642"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shfbucmg.tarikhravannovin.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865259/; classtype:trojan-activity;sid:84728359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.42.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865258/; classtype:trojan-activity;sid:84728358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.53.124.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865257/; classtype:trojan-activity;sid:84728357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.207.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865256/; classtype:trojan-activity;sid:84728356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.63.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865255/; classtype:trojan-activity;sid:84728355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.87.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865254/; classtype:trojan-activity;sid:84728354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.178.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865253/; classtype:trojan-activity;sid:84728353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865252)"; flow:established,from_client; content:"GET"; http_method; content:"/451ace37-fd9e-4d7d-91ad-e5715869589e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hibwmmbn.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865252/; classtype:trojan-activity;sid:84728352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.53.124.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865251/; classtype:trojan-activity;sid:84728351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865250)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9fe247e7-7acb-4654-a19d-4da24fff0176"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ez92gghl.ravanshenasinovin.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865250/; classtype:trojan-activity;sid:84728350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865249)"; flow:established,from_client; content:"GET"; http_method; content:"/54b317e4-9435-43df-9b8c-9a67ac1b1729"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"abnbc.livefootba11.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865249/; classtype:trojan-activity;sid:84728349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.242.136.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865248/; classtype:trojan-activity;sid:84728348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865247)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e2c89a1a-a1ee-4d2e-879e-d6ea87bf9861"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vb6axq3r.testdrivepaye3.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865247/; classtype:trojan-activity;sid:84728347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865246)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"23.27.25.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865246/; classtype:trojan-activity;sid:84728346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865245)"; flow:established,from_client; content:"GET"; http_method; content:"/094c72ca-4d4a-41b5-a6da-a4df56e0c77e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"khfujqd.shartbandifootballkade.online"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865245/; classtype:trojan-activity;sid:84728345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.236.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865244/; classtype:trojan-activity;sid:84728344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865243)"; flow:established,from_client; content:"GET"; http_method; content:"/5183554d-46ce-4e98-98ff-f708e37a9bbc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tmajnhws.sazebetonarme.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865243/; classtype:trojan-activity;sid:84728343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.207.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865242/; classtype:trojan-activity;sid:84728342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.170.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865241/; classtype:trojan-activity;sid:84728341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.242.136.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865240/; classtype:trojan-activity;sid:84728340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.236.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865239/; classtype:trojan-activity;sid:84728339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.94.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865238/; classtype:trojan-activity;sid:84728338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865237)"; flow:established,from_client; content:"GET"; http_method; content:"/60c8482e-2af7-49cb-81ee-9b80d39f8181"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cunozylb.sanjeshvaandazegiri.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865237/; classtype:trojan-activity;sid:84728337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.15.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_16; reference:url, urlhaus.abuse.ch/url/3865236/; classtype:trojan-activity;sid:84728336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865235/; classtype:trojan-activity;sid:84728335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.149.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865234/; classtype:trojan-activity;sid:84728334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865233)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865233/; classtype:trojan-activity;sid:84728333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865227)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865227/; classtype:trojan-activity;sid:84728327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865228)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865228/; classtype:trojan-activity;sid:84728328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865229)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865229/; classtype:trojan-activity;sid:84728329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865230)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.arc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865230/; classtype:trojan-activity;sid:84728330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865231)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865231/; classtype:trojan-activity;sid:84728331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865232)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865232/; classtype:trojan-activity;sid:84728332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865226)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.dbg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865226/; classtype:trojan-activity;sid:84728326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865225)"; flow:established,from_client; content:"GET"; http_method; content:"/fpdejoseo"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865225/; classtype:trojan-activity;sid:84728325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865220)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865220/; classtype:trojan-activity;sid:84728320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865221)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865221/; classtype:trojan-activity;sid:84728321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865222)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865222/; classtype:trojan-activity;sid:84728322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865223)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865223/; classtype:trojan-activity;sid:84728323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865224)"; flow:established,from_client; content:"GET"; http_method; content:"/sonnet.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.40.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865224/; classtype:trojan-activity;sid:84728324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865219)"; flow:established,from_client; content:"GET"; http_method; content:"/e1db4f0a-3faa-4a35-b670-bd8348b7d557"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"maxvicsh.sanjeshravani.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865219/; classtype:trojan-activity;sid:84728319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.15.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865218/; classtype:trojan-activity;sid:84728318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"68.185.152.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865217/; classtype:trojan-activity;sid:84728317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.149.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865216/; classtype:trojan-activity;sid:84728316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.31.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865215/; classtype:trojan-activity;sid:84728315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.53.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865214/; classtype:trojan-activity;sid:84728314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865213)"; flow:established,from_client; content:"GET"; http_method; content:"/95c84383-8edc-46e2-beba-a5316ded4a9b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tuivp.ecologyardakani.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865213/; classtype:trojan-activity;sid:84728313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865212)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4717ee5f-2245-4346-8b0d-ffe637453d4c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cx2b8w38.anodaz.vip"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865212/; classtype:trojan-activity;sid:84728312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.245.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865211/; classtype:trojan-activity;sid:84728311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865210)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b4d4e751-acab-4e47-908e-816e93bed98b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bpirhh68.ravanshenasiganji.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865210/; classtype:trojan-activity;sid:84728310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865209)"; flow:established,from_client; content:"GET"; http_method; content:"/2e234745-a8a0-446f-a5fd-3a9ea281323e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"abmkzgbs.sakhtemandade.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865209/; classtype:trojan-activity;sid:84728309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.99.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865208/; classtype:trojan-activity;sid:84728308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.31.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865207/; classtype:trojan-activity;sid:84728307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.56.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865206/; classtype:trojan-activity;sid:84728306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.56.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865205/; classtype:trojan-activity;sid:84728305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865204)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_082eaf7f5d6ca3f8.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865204/; classtype:trojan-activity;sid:84728304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.120.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865203/; classtype:trojan-activity;sid:84728303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865202/; classtype:trojan-activity;sid:84728302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.137.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865201/; classtype:trojan-activity;sid:84728301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865200/; classtype:trojan-activity;sid:84728300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865199)"; flow:established,from_client; content:"GET"; http_method; content:"/ff6962fb-c642-4628-a1c7-047d73a0c942"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ihypqyrn.sadreislam.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865199/; classtype:trojan-activity;sid:84728299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.226.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865197/; classtype:trojan-activity;sid:84728297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.95.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865198/; classtype:trojan-activity;sid:84728298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865196/; classtype:trojan-activity;sid:84728296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.220.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865195/; classtype:trojan-activity;sid:84728295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.137.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865194/; classtype:trojan-activity;sid:84728294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.83.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865193/; classtype:trojan-activity;sid:84728293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865192/; classtype:trojan-activity;sid:84728292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865191)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=16d12f5d-ce8b-46d2-8a79-0698cdab2b67"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6x7obrlx.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865191/; classtype:trojan-activity;sid:84728291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.220.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865190/; classtype:trojan-activity;sid:84728290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865189)"; flow:established,from_client; content:"GET"; http_method; content:"/1ddd78f1-1367-4677-a1f7-e7e0c6d8ee1f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fbvxbuzt.questionsmotor.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865189/; classtype:trojan-activity;sid:84728289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865188)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.54.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865188/; classtype:trojan-activity;sid:84728288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.220.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865187/; classtype:trojan-activity;sid:84728287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.9.10"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865186/; classtype:trojan-activity;sid:84728286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865185)"; flow:established,from_client; content:"GET"; http_method; content:"/941dfc13-1bf3-4ca2-84a6-3ba143402575"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dbhmpap.shansline.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865185/; classtype:trojan-activity;sid:84728285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.9.10"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865184/; classtype:trojan-activity;sid:84728284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.120.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865183/; classtype:trojan-activity;sid:84728283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865182)"; flow:established,from_client; content:"GET"; http_method; content:"/0d6d3719-06fa-458a-9e07-3a5e5f16f742"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pvmzd.drivingbook.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865182/; classtype:trojan-activity;sid:84728282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865181)"; flow:established,from_client; content:"GET"; http_method; content:"/d84db105-513b-4629-bb83-cb9e5577ddf1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"golkqcqa.psgnewsiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865181/; classtype:trojan-activity;sid:84728281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865180)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=622da9e1-3770-4045-9182-4fbc2f9d543d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"lp4hvt2f.ravanshenakhti.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865180/; classtype:trojan-activity;sid:84728280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865179)"; flow:established,from_client; content:"GET"; http_method; content:"/chil.thn"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bgmotors.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865179/; classtype:trojan-activity;sid:84728279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865178)"; flow:established,from_client; content:"GET"; http_method; content:"/be39c017-2705-4908-9967-10779dca1bae"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vdigvuaz.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865178/; classtype:trojan-activity;sid:84728278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865177)"; flow:established,from_client; content:"GET"; http_method; content:"/nenk2.aspx|3f|bfu"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"venist2.runasp.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865177/; classtype:trojan-activity;sid:84728277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865176)"; flow:established,from_client; content:"GET"; http_method; content:"/202/ecc/goodcreationsforbestfamilypeoples.hta"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"172.245.209.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865176/; classtype:trojan-activity;sid:84728276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865173)"; flow:established,from_client; content:"GET"; http_method; content:"/97/goodthingsarebestforbesttihignstocome.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"107.172.135.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865173/; classtype:trojan-activity;sid:84728273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865174)"; flow:established,from_client; content:"GET"; http_method; content:"/96/ibredgoodforbestthingscomingbackform.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"107.172.135.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865174/; classtype:trojan-activity;sid:84728274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865175)"; flow:established,from_client; content:"GET"; http_method; content:"/154/goodchoiceforbetterplacingconvencingthebesttreatments.hta"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"172.245.209.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865175/; classtype:trojan-activity;sid:84728275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865172)"; flow:established,from_client; content:"GET"; http_method; content:"/123/evc/greatindianthingsareperfectforbest.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"107.172.135.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865172/; classtype:trojan-activity;sid:84728272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865171)"; flow:established,from_client; content:"GET"; http_method; content:"/1a360f75-e07e-4089-b847-f0bb966f1ab2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"scsjldll.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865171/; classtype:trojan-activity;sid:84728271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865170)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bin.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"myzen.pro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865170/; classtype:trojan-activity;sid:84728270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865169)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/theme-compat/nvfexht/uandeso/plftkrv/ojstub.ps1"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"hikmah69.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865169/; classtype:trojan-activity;sid:84728269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865168)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"baskor.mypi.co"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865168/; classtype:trojan-activity;sid:84728268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865167)"; flow:established,from_client; content:"GET"; http_method; content:"/img_014506.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"nickart.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865167/; classtype:trojan-activity;sid:84728267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865166)"; flow:established,from_client; content:"GET"; http_method; content:"/api/v1/download/file.json/odvfodyxodazntbf|3f|temp_key=%a2%9bb%9a%2c%det%c4%88%a6x|7c|26|7c|inline=0"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"web.opendrive.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865166/; classtype:trojan-activity;sid:84728266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865164)"; flow:established,from_client; content:"GET"; http_method; content:"/exoticisms121.dsp"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cembusconfort.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865164/; classtype:trojan-activity;sid:84728264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865165)"; flow:established,from_client; content:"GET"; http_method; content:"/yohtj27.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cembusconfort.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865165/; classtype:trojan-activity;sid:84728265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865163)"; flow:established,from_client; content:"GET"; http_method; content:"/d/odvfodyxodazntbf/optimized_msi.png"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"od.lk"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865163/; classtype:trojan-activity;sid:84728263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.190.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865162/; classtype:trojan-activity;sid:84728262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865160)"; flow:established,from_client; content:"GET"; http_method; content:"/abgbipo.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865160/; classtype:trojan-activity;sid:84728260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865161)"; flow:established,from_client; content:"GET"; http_method; content:"/grundfladernes.lpk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cembusconfort.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865161/; classtype:trojan-activity;sid:84728261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865158)"; flow:established,from_client; content:"GET"; http_method; content:"/asdoiee.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865158/; classtype:trojan-activity;sid:84728258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865159)"; flow:established,from_client; content:"GET"; http_method; content:"/nonprovin.snp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bgmotors.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865159/; classtype:trojan-activity;sid:84728259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865157)"; flow:established,from_client; content:"GET"; http_method; content:"/apwglfvvczyjbpb54.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"bgmotors.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865157/; classtype:trojan-activity;sid:84728257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865156)"; flow:established,from_client; content:"GET"; http_method; content:"/ifadgif.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865156/; classtype:trojan-activity;sid:84728256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865154)"; flow:established,from_client; content:"GET"; http_method; content:"/3tpo-g4n0-u714-l9kx/img_6f211h.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865154/; classtype:trojan-activity;sid:84728254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865155)"; flow:established,from_client; content:"GET"; http_method; content:"/pupoprge/a2.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"miki-visitasia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865155/; classtype:trojan-activity;sid:84728255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865153)"; flow:established,from_client; content:"GET"; http_method; content:"/jkdekmk.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"85.121.240.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865153/; classtype:trojan-activity;sid:84728253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865152)"; flow:established,from_client; content:"GET"; http_method; content:"/certainwhenever"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865152/; classtype:trojan-activity;sid:84728252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865151)"; flow:established,from_client; content:"GET"; http_method; content:"/lack/stego_payload.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"voltejeasteis.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865151/; classtype:trojan-activity;sid:84728251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865149)"; flow:established,from_client; content:"GET"; http_method; content:"/jp/stego_payload.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"sixmexicos.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865149/; classtype:trojan-activity;sid:84728249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865150)"; flow:established,from_client; content:"GET"; http_method; content:"/3tpo-g4n0-u714-l9kx/img_c6s4k2.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865150/; classtype:trojan-activity;sid:84728250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865148/; classtype:trojan-activity;sid:84728248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865147)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kb/img_194735.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"172.86.110.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865147/; classtype:trojan-activity;sid:84728247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865146/; classtype:trojan-activity;sid:84728246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865145)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img_165940.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"82.223.139.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865145/; classtype:trojan-activity;sid:84728245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865144)"; flow:established,from_client; content:"GET"; http_method; content:"/221/givenbestthingsforbetterplacegoodcoming.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"82.223.139.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865144/; classtype:trojan-activity;sid:84728244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865143)"; flow:established,from_client; content:"GET"; http_method; content:"/img/kb/verygoodperformancethingsarecominginthisnewthingsinside.hta"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"172.86.110.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865143/; classtype:trojan-activity;sid:84728243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865139)"; flow:established,from_client; content:"GET"; http_method; content:"/46/givemebestthignsbackfromthisbusiness.hta"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"209.54.103.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865139/; classtype:trojan-activity;sid:84728239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865140)"; flow:established,from_client; content:"GET"; http_method; content:"/33/img_220818.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.3.140.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865140/; classtype:trojan-activity;sid:84728240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865141)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a2054e924072d7f1.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865141/; classtype:trojan-activity;sid:84728241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865142)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img_160722.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"209.54.103.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865142/; classtype:trojan-activity;sid:84728242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865138)"; flow:established,from_client; content:"GET"; http_method; content:"/40/imacomingthisweekinthrforbestgoodthings.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"198.23.144.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865138/; classtype:trojan-activity;sid:84728238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865137)"; flow:established,from_client; content:"GET"; http_method; content:"/33/goodthingsarebesttogetbetterthingsfrome.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"192.3.140.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865137/; classtype:trojan-activity;sid:84728237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865135)"; flow:established,from_client; content:"GET"; http_method; content:"/203/goodthingsarebestbetterwayscomingforu.vbs"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"172.245.209.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865135/; classtype:trojan-activity;sid:84728235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865136)"; flow:established,from_client; content:"GET"; http_method; content:"/156/img_225642.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"23.95.103.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865136/; classtype:trojan-activity;sid:84728236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865134)"; flow:established,from_client; content:"GET"; http_method; content:"/203/ech/goodjobtodayreallyfinegoodhearthatcurrentilot.hta"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"172.245.209.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865134/; classtype:trojan-activity;sid:84728234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865133)"; flow:established,from_client; content:"GET"; http_method; content:"/156/notimefordothatallbrotherherewiatingalot.hta"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"23.95.103.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865133/; classtype:trojan-activity;sid:84728233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865132)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img_023305.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.86.110.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865132/; classtype:trojan-activity;sid:84728232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865131)"; flow:established,from_client; content:"GET"; http_method; content:"/33/img_044256.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.37.215.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865131/; classtype:trojan-activity;sid:84728231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865129)"; flow:established,from_client; content:"GET"; http_method; content:"/33/verygreatthingsaregoingaroundonmethings.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"193.37.215.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865129/; classtype:trojan-activity;sid:84728229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865130)"; flow:established,from_client; content:"GET"; http_method; content:"/121/goodreangewithbestthignsaroundonmyself.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"172.86.110.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865130/; classtype:trojan-activity;sid:84728230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865127)"; flow:established,from_client; content:"GET"; http_method; content:"/tochka.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.77.168.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865127/; classtype:trojan-activity;sid:84728227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865128)"; flow:established,from_client; content:"GET"; http_method; content:"/sopeas.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.77.168.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865128/; classtype:trojan-activity;sid:84728228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865125)"; flow:established,from_client; content:"GET"; http_method; content:"/1/reosmesf967rgeaveon.jug"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.239.66.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865125/; classtype:trojan-activity;sid:84728225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865126)"; flow:established,from_client; content:"GET"; http_method; content:"/1/rgeaveonrgeaveon77.abb"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.239.66.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865126/; classtype:trojan-activity;sid:84728226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.190.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865124/; classtype:trojan-activity;sid:84728224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865123)"; flow:established,from_client; content:"GET"; http_method; content:"/cpeg/stego_payload.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.controliumbt.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865123/; classtype:trojan-activity;sid:84728223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865122)"; flow:established,from_client; content:"GET"; http_method; content:"/687f4184-f8bd-45af-af74-f4a594120c2b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jehezikh.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865122/; classtype:trojan-activity;sid:84728222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865121)"; flow:established,from_client; content:"GET"; http_method; content:"/dx.zip"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fine.microtr.life"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865121/; classtype:trojan-activity;sid:84728221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865119)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.230.61.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865119/; classtype:trojan-activity;sid:84728219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865120)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.230.61.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865120/; classtype:trojan-activity;sid:84728220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865118)"; flow:established,from_client; content:"GET"; http_method; content:"/e839abd2-ca52-46e7-a662-953024674c1c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"btskl.downloadquran.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865118/; classtype:trojan-activity;sid:84728218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.54.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865117/; classtype:trojan-activity;sid:84728217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.92.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865116/; classtype:trojan-activity;sid:84728216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865115)"; flow:established,from_client; content:"GET"; http_method; content:"/096568a7-672f-4fc0-a683-eeadf0db1b1f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xkpxrkko.mechanicsayalat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865115/; classtype:trojan-activity;sid:84728215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.226.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865114/; classtype:trojan-activity;sid:84728214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865113)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_468efb8047c9b439.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865113/; classtype:trojan-activity;sid:84728213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.115.102.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865112/; classtype:trojan-activity;sid:84728212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865111)"; flow:established,from_client; content:"GET"; http_method; content:"/kaf.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"skynet1.ydns.eu"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865111/; classtype:trojan-activity;sid:84728211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865108)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c46cdbec2c0d50af.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865108/; classtype:trojan-activity;sid:84728208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865109)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ed8aa147a32047b4.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865109/; classtype:trojan-activity;sid:84728209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865110)"; flow:established,from_client; content:"GET"; http_method; content:"/mass"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865110/; classtype:trojan-activity;sid:84728210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865107/; classtype:trojan-activity;sid:84728207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.42.91.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865106/; classtype:trojan-activity;sid:84728206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865105)"; flow:established,from_client; content:"GET"; http_method; content:"/c0183fd3-b714-463f-a965-bc4107b6f865"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ljhxazhv.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865105/; classtype:trojan-activity;sid:84728205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865104)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6383b346-fa18-46a5-b5fb-1f20a058d2e9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ieg4j0ii.ravansalamat.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865104/; classtype:trojan-activity;sid:84728204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.77.13.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865103/; classtype:trojan-activity;sid:84728203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865102)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4d050985-399e-4ea6-91e0-c40c2e0123af"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"x8268vj9.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865102/; classtype:trojan-activity;sid:84728202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865101)"; flow:established,from_client; content:"GET"; http_method; content:"/cb018452-ccbe-46aa-88ac-4951dd1b4570"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ckdydch.shansbartar.bet"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865101/; classtype:trojan-activity;sid:84728201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865100)"; flow:established,from_client; content:"GET"; http_method; content:"/701299d6-343c-4880-8ee7-15a420f988be"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"aiaufdwh.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865100/; classtype:trojan-activity;sid:84728200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.172.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865099/; classtype:trojan-activity;sid:84728199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.77.13.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865098/; classtype:trojan-activity;sid:84728198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865097/; classtype:trojan-activity;sid:84728197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865096)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"24.89.4.180"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865096/; classtype:trojan-activity;sid:84728196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865095)"; flow:established,from_client; content:"GET"; http_method; content:"/18f4af96-df5c-4fb6-9849-b9aba548c632"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bgyxg.differentialmamuli.store"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865095/; classtype:trojan-activity;sid:84728195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865094)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1c65bc76-6150-4d6e-9b18-b86497e6d8e2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"uivmtnvu.anodaz.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865094/; classtype:trojan-activity;sid:84728194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.92.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865093/; classtype:trojan-activity;sid:84728193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865092)"; flow:established,from_client; content:"GET"; http_method; content:"/84685321-511e-4f41-8e2c-ca2e6fb1629c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rgojzoub.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865092/; classtype:trojan-activity;sid:84728192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.238.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865091/; classtype:trojan-activity;sid:84728191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.120.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865090/; classtype:trojan-activity;sid:84728190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.128.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865089/; classtype:trojan-activity;sid:84728189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.120.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865088/; classtype:trojan-activity;sid:84728188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.200.212.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865087/; classtype:trojan-activity;sid:84728187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865086)"; flow:established,from_client; content:"GET"; http_method; content:"/1cbe1001-a757-4ea9-95d0-60ef5b24b3bc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rdpztlxu.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865086/; classtype:trojan-activity;sid:84728186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.242.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865085/; classtype:trojan-activity;sid:84728185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.92.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865084/; classtype:trojan-activity;sid:84728184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865081)"; flow:established,from_client; content:"GET"; http_method; content:"/htmlweb/axis/dbk.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"files01.click"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865081/; classtype:trojan-activity;sid:84728181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865082)"; flow:established,from_client; content:"GET"; http_method; content:"/htmlweb/axis/edu.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"files01.click"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865082/; classtype:trojan-activity;sid:84728182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865083)"; flow:established,from_client; content:"GET"; http_method; content:"/jktjune.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865083/; classtype:trojan-activity;sid:84728183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865079)"; flow:established,from_client; content:"GET"; http_method; content:"/55/img_005447.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"151.241.154.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865079/; classtype:trojan-activity;sid:84728179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865080)"; flow:established,from_client; content:"GET"; http_method; content:"/htmlweb/axis/optimized.png"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"files01.click"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865080/; classtype:trojan-activity;sid:84728180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865078)"; flow:established,from_client; content:"GET"; http_method; content:"/55/givemebesttthingsforbetterplaces.hta"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"151.241.154.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865078/; classtype:trojan-activity;sid:84728178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865077)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3b429f66-afec-4dab-9bc6-718a868296fc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"l3fcolra.fubet24.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865077/; classtype:trojan-activity;sid:84728177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865076)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.60.195.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865076/; classtype:trojan-activity;sid:84728176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865075)"; flow:established,from_client; content:"GET"; http_method; content:"/anonuser72/files/refs/heads/main/umpdc.dll"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865075/; classtype:trojan-activity;sid:84728175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.239.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865074/; classtype:trojan-activity;sid:84728174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865073)"; flow:established,from_client; content:"GET"; http_method; content:"/7aae494e-5d65-49cc-ae50-6707d6037b7f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kulnpioc.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865073/; classtype:trojan-activity;sid:84728173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865072/; classtype:trojan-activity;sid:84728172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865070)"; flow:established,from_client; content:"GET"; http_method; content:"/tochka.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.77.168.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865070/; classtype:trojan-activity;sid:84728170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865071)"; flow:established,from_client; content:"GET"; http_method; content:"/sopeas.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.77.168.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865071/; classtype:trojan-activity;sid:84728171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865069)"; flow:established,from_client; content:"GET"; http_method; content:"/memesense.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"akarstresser.pro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865069/; classtype:trojan-activity;sid:84728169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865066)"; flow:established,from_client; content:"GET"; http_method; content:"/do/bekransendes.com"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"consways.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865066/; classtype:trojan-activity;sid:84728166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865067)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"agrovelca.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865067/; classtype:trojan-activity;sid:84728167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865068)"; flow:established,from_client; content:"GET"; http_method; content:"/144.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"agrovelca.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865068/; classtype:trojan-activity;sid:84728168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865065)"; flow:established,from_client; content:"GET"; http_method; content:"/do/quote-9398.pdf"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"consways.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865065/; classtype:trojan-activity;sid:84728165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.220.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865064/; classtype:trojan-activity;sid:84728164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865063)"; flow:established,from_client; content:"GET"; http_method; content:"/b6193ee7-9dea-43c2-82d6-d300c6dea112"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xipas.differentialkerayechiyan.store"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865063/; classtype:trojan-activity;sid:84728163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.239.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865062/; classtype:trojan-activity;sid:84728162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865061)"; flow:established,from_client; content:"GET"; http_method; content:"/8142d329-5500-45e9-aa46-64db60340173"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yrzwlqcu.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865061/; classtype:trojan-activity;sid:84728161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865060)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"one-verif.lol"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865060/; classtype:trojan-activity;sid:84728160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.240.237.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865059/; classtype:trojan-activity;sid:84728159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.33.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865058/; classtype:trojan-activity;sid:84728158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865057/; classtype:trojan-activity;sid:84728157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865056/; classtype:trojan-activity;sid:84728156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865055/; classtype:trojan-activity;sid:84728155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865054)"; flow:established,from_client; content:"GET"; http_method; content:"/zefuyckmhfbapafkmojd213.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"bin.workcentral.shop"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865054/; classtype:trojan-activity;sid:84728154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865053)"; flow:established,from_client; content:"GET"; http_method; content:"/navd-ctrl/facebook-marketplace-scraper/raw/refs/heads/main/src/marketplace_scraper_facebook_v2.4-beta.2.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865053/; classtype:trojan-activity;sid:84728153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865052)"; flow:established,from_client; content:"GET"; http_method; content:"/navd-ctrl/facebook-marketplace-scraper/main/data/facebook-marketplace-scraper-v3.7-beta.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865052/; classtype:trojan-activity;sid:84728152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865051)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mirai_dalas_retarted_hifromb4ckdoorbitches.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"216.126.239.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865051/; classtype:trojan-activity;sid:84728151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865050)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_0209f25166222dee.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865050/; classtype:trojan-activity;sid:84728150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865049/; classtype:trojan-activity;sid:84728149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865048)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=645096c2-d8fd-41c0-834b-3ce11a66ed58"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"5e568txr.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865048/; classtype:trojan-activity;sid:84728148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865047)"; flow:established,from_client; content:"GET"; http_method; content:"/be0903b8-c368-450b-96a6-f8ae118fddba"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lmlnqaju.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865047/; classtype:trojan-activity;sid:84728147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.116.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865046/; classtype:trojan-activity;sid:84728146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865045/; classtype:trojan-activity;sid:84728145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865044)"; flow:established,from_client; content:"GET"; http_method; content:"/e142ecdf-4c92-4a1b-afb8-505a46d3abbc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dvbkmkq.rocketbet.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865044/; classtype:trojan-activity;sid:84728144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865043/; classtype:trojan-activity;sid:84728143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865042/; classtype:trojan-activity;sid:84728142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865041)"; flow:established,from_client; content:"GET"; http_method; content:"/99034b05-4eda-4ee0-9e18-466b702ee766"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"eofvjfbp.karafarini.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865041/; classtype:trojan-activity;sid:84728141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.84.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865040/; classtype:trojan-activity;sid:84728140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.122.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865039/; classtype:trojan-activity;sid:84728139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.119.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865038/; classtype:trojan-activity;sid:84728138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865037)"; flow:established,from_client; content:"GET"; http_method; content:"/95/img_070815.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865037/; classtype:trojan-activity;sid:84728137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865036)"; flow:established,from_client; content:"GET"; http_method; content:"/55/givemebestsupportingskillswithmygirlfriend.hta"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865036/; classtype:trojan-activity;sid:84728136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865035/; classtype:trojan-activity;sid:84728135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865034)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6a80970c-0a95-49f2-bfae-019678cc6fb9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1ghy1rc2.questionstest.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865034/; classtype:trojan-activity;sid:84728134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865033)"; flow:established,from_client; content:"GET"; http_method; content:"/9fd7eaf3-efbb-4a36-a174-dabd8dd7f6f6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ziryn.defamogadas.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865033/; classtype:trojan-activity;sid:84728133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865032)"; flow:established,from_client; content:"GET"; http_method; content:"/30f8acb1-5d2d-4756-a5b1-2939496416c8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"thhcalzn.jam-jahani.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865032/; classtype:trojan-activity;sid:84728132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.167.175.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865031/; classtype:trojan-activity;sid:84728131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865030/; classtype:trojan-activity;sid:84728130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865029/; classtype:trojan-activity;sid:84728129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865028)"; flow:established,from_client; content:"GET"; http_method; content:"/52e01f9a-41be-40fc-b2f4-09436c906305"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"paqyqptu.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865028/; classtype:trojan-activity;sid:84728128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865027/; classtype:trojan-activity;sid:84728127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.128.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865026/; classtype:trojan-activity;sid:84728126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.175.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865025/; classtype:trojan-activity;sid:84728125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865022)"; flow:established,from_client; content:"GET"; http_method; content:"/babyfacexload.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865022/; classtype:trojan-activity;sid:84728122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865023)"; flow:established,from_client; content:"GET"; http_method; content:"/jktjune.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865023/; classtype:trojan-activity;sid:84728123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865024)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/djokunewrdp.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865024/; classtype:trojan-activity;sid:84728124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865020)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msiljune.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865020/; classtype:trojan-activity;sid:84728120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865021)"; flow:established,from_client; content:"GET"; http_method; content:"/yufile.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865021/; classtype:trojan-activity;sid:84728121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.108.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865019/; classtype:trojan-activity;sid:84728119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.148.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865018/; classtype:trojan-activity;sid:84728118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.59.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865016/; classtype:trojan-activity;sid:84728116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865017)"; flow:established,from_client; content:"GET"; http_method; content:"/606fd583-76b7-4ed7-ad98-03e75b075dfe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vdljitxt.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865017/; classtype:trojan-activity;sid:84728117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.80.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865015/; classtype:trojan-activity;sid:84728115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.148.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865014/; classtype:trojan-activity;sid:84728114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.85.108.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865013/; classtype:trojan-activity;sid:84728113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865012)"; flow:established,from_client; content:"GET"; http_method; content:"/7258b478-ed56-4af6-9478-8a8beb26dacf"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zvxuc.darsnamejame.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865012/; classtype:trojan-activity;sid:84728112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865011)"; flow:established,from_client; content:"GET"; http_method; content:"/api/file/get|3f|filekey=wprlcteiw3x3afmsaytstq_szzhnnoeuu1i3rb06iof_ipbx2dilzkdd0yq"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"3008.filemail.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865011/; classtype:trojan-activity;sid:84728111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865010)"; flow:established,from_client; content:"GET"; http_method; content:"/hmkitxgt/stub.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"miki-visitasia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865010/; classtype:trojan-activity;sid:84728110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865009)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=725daec8-a61b-4418-81ae-b6f26655973b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"opyo2s3o.akhlagvaahkam.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865009/; classtype:trojan-activity;sid:84728109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865008)"; flow:established,from_client; content:"GET"; http_method; content:"/83aef4c5-4a1c-45be-b256-ddcdbd4d3944"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"froqlquf.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865008/; classtype:trojan-activity;sid:84728108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.251.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865007/; classtype:trojan-activity;sid:84728107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.72.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865006/; classtype:trojan-activity;sid:84728106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865002)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865002/; classtype:trojan-activity;sid:84728102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865003)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865003/; classtype:trojan-activity;sid:84728103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865004)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865004/; classtype:trojan-activity;sid:84728104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865005)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865005/; classtype:trojan-activity;sid:84728105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865000/; classtype:trojan-activity;sid:84728100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3865001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.72.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3865001/; classtype:trojan-activity;sid:84728101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864994)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864994/; classtype:trojan-activity;sid:84728094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864995)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864995/; classtype:trojan-activity;sid:84728095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864996)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864996/; classtype:trojan-activity;sid:84728096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864997)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864997/; classtype:trojan-activity;sid:84728097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864998)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864998/; classtype:trojan-activity;sid:84728098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864999)"; flow:established,from_client; content:"GET"; http_method; content:"/rep.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864999/; classtype:trojan-activity;sid:84728099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.80.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864993/; classtype:trojan-activity;sid:84728093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864992)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bbc1df9b-84c2-4fd3-a83e-55e6107d916a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0hz5u1mn.moarefeslami.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864992/; classtype:trojan-activity;sid:84728092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864991)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b7031f38-b366-468d-a174-257599273c72"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0snofqmc.megaparikade.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864991/; classtype:trojan-activity;sid:84728091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864990)"; flow:established,from_client; content:"GET"; http_method; content:"/368c0d89-eccb-4dbc-8bc0-af78efae0e2d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qbuhghd.melbetkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864990/; classtype:trojan-activity;sid:84728090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864989)"; flow:established,from_client; content:"GET"; http_method; content:"/f4383c3b-41f8-4c4c-92e0-c87d378bde01"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qeqnjdds.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864989/; classtype:trojan-activity;sid:84728089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.171.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864988/; classtype:trojan-activity;sid:84728088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.223.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864987/; classtype:trojan-activity;sid:84728087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.97.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864986/; classtype:trojan-activity;sid:84728086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864985)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.113.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864985/; classtype:trojan-activity;sid:84728085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.106.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864984/; classtype:trojan-activity;sid:84728084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864983)"; flow:established,from_client; content:"GET"; http_method; content:"/3e2e3095-d3e0-46ed-9ff8-4946a6da363c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ncpzdseh.usoleamoozesh.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864983/; classtype:trojan-activity;sid:84728083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.223.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864982/; classtype:trojan-activity;sid:84728082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864981)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864981/; classtype:trojan-activity;sid:84728081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864969)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864969/; classtype:trojan-activity;sid:84728069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864970)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864970/; classtype:trojan-activity;sid:84728070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864971)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864971/; classtype:trojan-activity;sid:84728071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864972)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864972/; classtype:trojan-activity;sid:84728072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864973)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864973/; classtype:trojan-activity;sid:84728073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864974)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864974/; classtype:trojan-activity;sid:84728074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864975)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864975/; classtype:trojan-activity;sid:84728075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864976)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864976/; classtype:trojan-activity;sid:84728076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864977)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864977/; classtype:trojan-activity;sid:84728077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864978)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864978/; classtype:trojan-activity;sid:84728078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864979)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864979/; classtype:trojan-activity;sid:84728079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864980)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864980/; classtype:trojan-activity;sid:84728080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864954)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864954/; classtype:trojan-activity;sid:84728054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864955)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864955/; classtype:trojan-activity;sid:84728055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864956)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864956/; classtype:trojan-activity;sid:84728056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864957)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864957/; classtype:trojan-activity;sid:84728057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864958)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864958/; classtype:trojan-activity;sid:84728058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864959)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864959/; classtype:trojan-activity;sid:84728059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864960)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864960/; classtype:trojan-activity;sid:84728060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864961)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864961/; classtype:trojan-activity;sid:84728061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864962)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864962/; classtype:trojan-activity;sid:84728062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864963)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864963/; classtype:trojan-activity;sid:84728063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864964)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864964/; classtype:trojan-activity;sid:84728064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864965)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864965/; classtype:trojan-activity;sid:84728065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864966)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864966/; classtype:trojan-activity;sid:84728066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864967)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864967/; classtype:trojan-activity;sid:84728067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864968)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864968/; classtype:trojan-activity;sid:84728068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864953/; classtype:trojan-activity;sid:84728053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.152.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864952/; classtype:trojan-activity;sid:84728052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864951)"; flow:established,from_client; content:"GET"; http_method; content:"/2e8ffe65-52c2-4ef6-8713-0c78e4a121eb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"chjwx.danestanihavarzeshi.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864951/; classtype:trojan-activity;sid:84728051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864950)"; flow:established,from_client; content:"GET"; http_method; content:"/np.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"viveturetiro.mx"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864950/; classtype:trojan-activity;sid:84728050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864949)"; flow:established,from_client; content:"GET"; http_method; content:"/gpazlluwij_14_05_meus_arquivosdetexto//01.txt"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"andrefelipedonascime1778799406970.2241107.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864949/; classtype:trojan-activity;sid:84728049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864948)"; flow:established,from_client; content:"GET"; http_method; content:"/de9b02ea-7628-46d9-86cf-a9dfb1fe2a5d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fqcwxddh.tractor11.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864948/; classtype:trojan-activity;sid:84728048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864947)"; flow:established,from_client; content:"GET"; http_method; content:"/gpazlluwij_14_05_meus_arquivosdetexto/03.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"andrefelipedonascime1778799406970.2241107.meusitehostgator.com.br"; http_host; depth:65; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864947/; classtype:trojan-activity;sid:84728047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864945)"; flow:established,from_client; content:"GET"; http_method; content:"/billymonday.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"s-14billmondy.s3.us-east-2.amazonaws.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864945/; classtype:trojan-activity;sid:84728045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864946)"; flow:established,from_client; content:"GET"; http_method; content:"/billymonday.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"s-14billmondy.s3.us-east-2.amazonaws.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864946/; classtype:trojan-activity;sid:84728046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864941)"; flow:established,from_client; content:"GET"; http_method; content:"/data/zoom/windows/download.php"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"samiksha.com.sg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864941/; classtype:trojan-activity;sid:84728041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864942)"; flow:established,from_client; content:"GET"; http_method; content:"/data/zoom/windows/download.php"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"samiksha.com.sg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864942/; classtype:trojan-activity;sid:84728042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864943)"; flow:established,from_client; content:"GET"; http_method; content:"/data/zoom/windows/download.php/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"samiksha.com.sg"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864943/; classtype:trojan-activity;sid:84728043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"alpanel.screenconnect.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864944/; classtype:trojan-activity;sid:84728044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864940)"; flow:established,from_client; content:"GET"; http_method; content:"/docusign/windows/download/index.php"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"absolutecaninepa.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864940/; classtype:trojan-activity;sid:84728040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864939)"; flow:established,from_client; content:"GET"; http_method; content:"/docusign/d0cs/windows/download/index.php"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"docsonlineshare.shorepowersolution.net"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864939/; classtype:trojan-activity;sid:84728039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864935)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864935/; classtype:trojan-activity;sid:84728035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864936)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864936/; classtype:trojan-activity;sid:84728036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864937)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864937/; classtype:trojan-activity;sid:84728037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864938)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864938/; classtype:trojan-activity;sid:84728038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864933)"; flow:established,from_client; content:"GET"; http_method; content:"/cumshotnews"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"192.142.28.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864933/; classtype:trojan-activity;sid:84728033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864934)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864934/; classtype:trojan-activity;sid:84728034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864932)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ff7be7df8b1596c3.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864932/; classtype:trojan-activity;sid:84728032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.82.171.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864931/; classtype:trojan-activity;sid:84728031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864922)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864922/; classtype:trojan-activity;sid:84728022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864923)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864923/; classtype:trojan-activity;sid:84728023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864924)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864924/; classtype:trojan-activity;sid:84728024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864925)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.dick"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864925/; classtype:trojan-activity;sid:84728025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864926)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864926/; classtype:trojan-activity;sid:84728026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864927)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864927/; classtype:trojan-activity;sid:84728027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864928)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864928/; classtype:trojan-activity;sid:84728028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864929)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.dick"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.135.194.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864929/; classtype:trojan-activity;sid:84728029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864930/; classtype:trojan-activity;sid:84728030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864921/; classtype:trojan-activity;sid:84728021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864920)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ab37b617-940d-4b56-bd46-6d5beb88a1e4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jibkc2ky.geotechnictahuni.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864920/; classtype:trojan-activity;sid:84728020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864919)"; flow:established,from_client; content:"GET"; http_method; content:"/b5bf87e3-a072-4603-a308-bfa23621298a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ttmwdcsm.testranandegi.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864919/; classtype:trojan-activity;sid:84728019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.32.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864918/; classtype:trojan-activity;sid:84728018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864917)"; flow:established,from_client; content:"GET"; http_method; content:"/4ce0ea39-2bc7-40e9-9840-1e8387d45531"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dkrxwehc.testpaye.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864917/; classtype:trojan-activity;sid:84728017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.32.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864916/; classtype:trojan-activity;sid:84728016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.188.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864915/; classtype:trojan-activity;sid:84728015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864914)"; flow:established,from_client; content:"GET"; http_method; content:"/b4ca518c-8957-4ffc-91dd-a80e0a865df5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bxzyp.daneshkhanevade.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864914/; classtype:trojan-activity;sid:84728014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864913)"; flow:established,from_client; content:"GET"; http_method; content:"/8fbe1ca0-3a94-4d25-8bed-0a8f0447b8a0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cucnczaq.testdrivepaye3.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864913/; classtype:trojan-activity;sid:84728013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864912)"; flow:established,from_client; content:"GET"; http_method; content:"/8f14f5a1-25de-4ced-a7b7-30205d9415fa"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oxfzzuaq.tasisathosseini.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864912/; classtype:trojan-activity;sid:84728012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.220.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864911/; classtype:trojan-activity;sid:84728011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864910)"; flow:established,from_client; content:"GET"; http_method; content:"/79f1c4da-a639-4799-ae13-de96fa85d349"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vwochim.megaparikade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864910/; classtype:trojan-activity;sid:84728010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.251.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864909/; classtype:trojan-activity;sid:84728009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864908)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864908/; classtype:trojan-activity;sid:84728008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864903)"; flow:established,from_client; content:"GET"; http_method; content:"/25/optimized_msi.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864903/; classtype:trojan-activity;sid:84728003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864904)"; flow:established,from_client; content:"GET"; http_method; content:"/84/img_094508.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864904/; classtype:trojan-activity;sid:84728004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864905)"; flow:established,from_client; content:"GET"; http_method; content:"/95/verygoodpersonhavingmybestchancestogivme.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864905/; classtype:trojan-activity;sid:84728005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864906)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.bettercloud.commonitorthe-perils-of-expose-files-y-external-file-sharing-needs-security-prosess.php"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864906/; classtype:trojan-activity;sid:84728006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864907)"; flow:established,from_client; content:"GET"; http_method; content:"/92/goodplacebestchoiceformebetterplacecoming.hta"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864907/; classtype:trojan-activity;sid:84728007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864898)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.gartner.comennewsroompress-releases2025-05-13-gartner-identifies-top-trends-shaping-the-future-of-cloud-o900.php"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864898/; classtype:trojan-activity;sid:84727998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864899)"; flow:established,from_client; content:"GET"; http_method; content:"/84/goodthingshappenedsoonbro.hta"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864899/; classtype:trojan-activity;sid:84727999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864900)"; flow:established,from_client; content:"GET"; http_method; content:"/httpsappexchange.salesforce.comappxlistingdetaillistingid=a0n3a00000efntjun3a00000efntjun3a00000efntjun3a00000efntt.php"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864900/; classtype:trojan-activity;sid:84728000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864901)"; flow:established,from_client; content:"GET"; http_method; content:"/87/goodthingswithbetterworldcoming.hta"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864901/; classtype:trojan-activity;sid:84728001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864902)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.bettercloud.commonitorthe-perils-of-exposed-files-why-external-file-sharing-needs-security-prosess.php"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864902/; classtype:trojan-activity;sid:84728002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864897)"; flow:established,from_client; content:"GET"; http_method; content:"/18300527-3931-4870-a422-e33acbf09266"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qqpidjr.megaparikade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864897/; classtype:trojan-activity;sid:84727997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864896)"; flow:established,from_client; content:"GET"; http_method; content:"/67df51fe-9a20-4165-bd83-a0cf8387b77f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fcxkiekt.tasisathosseini.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864896/; classtype:trojan-activity;sid:84727996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.54.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864895/; classtype:trojan-activity;sid:84727995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"124.198.132.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864894/; classtype:trojan-activity;sid:84727994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"124.198.132.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864893/; classtype:trojan-activity;sid:84727993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"124.198.131.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864892/; classtype:trojan-activity;sid:84727992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"124.198.131.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864891/; classtype:trojan-activity;sid:84727991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.220.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864890/; classtype:trojan-activity;sid:84727990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864889)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864889/; classtype:trojan-activity;sid:84727989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864888)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864888/; classtype:trojan-activity;sid:84727988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864883)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864883/; classtype:trojan-activity;sid:84727983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864884)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864884/; classtype:trojan-activity;sid:84727984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864885)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864885/; classtype:trojan-activity;sid:84727985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864886)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864886/; classtype:trojan-activity;sid:84727986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864887)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsrouter"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864887/; classtype:trojan-activity;sid:84727987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864880)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864880/; classtype:trojan-activity;sid:84727980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864881)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864881/; classtype:trojan-activity;sid:84727981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864882)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864882/; classtype:trojan-activity;sid:84727982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864875)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864875/; classtype:trojan-activity;sid:84727975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864876)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864876/; classtype:trojan-activity;sid:84727976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864877)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864877/; classtype:trojan-activity;sid:84727977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864878)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864878/; classtype:trojan-activity;sid:84727978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864879)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864879/; classtype:trojan-activity;sid:84727979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864873)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864873/; classtype:trojan-activity;sid:84727973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864874)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864874/; classtype:trojan-activity;sid:84727974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864872)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864872/; classtype:trojan-activity;sid:84727972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864870)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864870/; classtype:trojan-activity;sid:84727970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864871)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864871/; classtype:trojan-activity;sid:84727971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864869)"; flow:established,from_client; content:"GET"; http_method; content:"/5c1c5e3e-63b1-473a-a600-8f7a1935c2be"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mjwougwp.tarikhravannovin.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864869/; classtype:trojan-activity;sid:84727969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.168.67.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864868/; classtype:trojan-activity;sid:84727968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"89.40.31.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864867/; classtype:trojan-activity;sid:84727967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864866)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=917e1e3d-cfad-4500-ae28-b435cbd1a785"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0dt4r35j.gavaedfagahe.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864866/; classtype:trojan-activity;sid:84727966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"89.40.31.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864865/; classtype:trojan-activity;sid:84727965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.60.226.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864863/; classtype:trojan-activity;sid:84727963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.60.226.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864864/; classtype:trojan-activity;sid:84727964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.160.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864859/; classtype:trojan-activity;sid:84727959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864860/; classtype:trojan-activity;sid:84727960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.160.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864861/; classtype:trojan-activity;sid:84727961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864862/; classtype:trojan-activity;sid:84727962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864858/; classtype:trojan-activity;sid:84727958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.188.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864857/; classtype:trojan-activity;sid:84727957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.190.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864855/; classtype:trojan-activity;sid:84727955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"213.111.147.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864856/; classtype:trojan-activity;sid:84727956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864853/; classtype:trojan-activity;sid:84727953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864854/; classtype:trojan-activity;sid:84727954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.188.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864852/; classtype:trojan-activity;sid:84727952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.190.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864849/; classtype:trojan-activity;sid:84727949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.190.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864850/; classtype:trojan-activity;sid:84727950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864851)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.111.147.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864851/; classtype:trojan-activity;sid:84727951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864848)"; flow:established,from_client; content:"GET"; http_method; content:"/94/brightfeaturescomingforbestthingsforme.hta"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.172.235.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864848/; classtype:trojan-activity;sid:84727948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864847)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_11ecfa7ba4592d56.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864847/; classtype:trojan-activity;sid:84727947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864845)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.184.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864845/; classtype:trojan-activity;sid:84727945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.188.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864846/; classtype:trojan-activity;sid:84727946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.236.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864844/; classtype:trojan-activity;sid:84727944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864842/; classtype:trojan-activity;sid:84727942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.184.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864843/; classtype:trojan-activity;sid:84727943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.184.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864839/; classtype:trojan-activity;sid:84727939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864840/; classtype:trojan-activity;sid:84727940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864841/; classtype:trojan-activity;sid:84727941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.185.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864837/; classtype:trojan-activity;sid:84727937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.185.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864838/; classtype:trojan-activity;sid:84727938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.184.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864832/; classtype:trojan-activity;sid:84727932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.185.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864833/; classtype:trojan-activity;sid:84727933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.188.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864834/; classtype:trojan-activity;sid:84727934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.185.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864835/; classtype:trojan-activity;sid:84727935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.184.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864836/; classtype:trojan-activity;sid:84727936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.24.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864831/; classtype:trojan-activity;sid:84727931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"77.83.39.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864830/; classtype:trojan-activity;sid:84727930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.83.39.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864827/; classtype:trojan-activity;sid:84727927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"77.83.39.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864828/; classtype:trojan-activity;sid:84727928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864829)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"77.83.39.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864829/; classtype:trojan-activity;sid:84727929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"130.94.114.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864826/; classtype:trojan-activity;sid:84727926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864825)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.197.12.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864825/; classtype:trojan-activity;sid:84727925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.185.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864824/; classtype:trojan-activity;sid:84727924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864823)"; flow:established,from_client; content:"GET"; http_method; content:"/c9304589-54fb-4d24-8a01-a28c1055b068"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"amrwjltv.tarikhcheravanshenasi.xyz"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864823/; classtype:trojan-activity;sid:84727923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864822)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864822/; classtype:trojan-activity;sid:84727922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864821)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864821/; classtype:trojan-activity;sid:84727921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864819)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864819/; classtype:trojan-activity;sid:84727919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864820)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864820/; classtype:trojan-activity;sid:84727920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864818/; classtype:trojan-activity;sid:84727918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864817/; classtype:trojan-activity;sid:84727917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864814/; classtype:trojan-activity;sid:84727914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864815/; classtype:trojan-activity;sid:84727915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864816/; classtype:trojan-activity;sid:84727916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864810/; classtype:trojan-activity;sid:84727910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864811/; classtype:trojan-activity;sid:84727911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864812/; classtype:trojan-activity;sid:84727912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864813/; classtype:trojan-activity;sid:84727913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864809/; classtype:trojan-activity;sid:84727909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864800)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864800/; classtype:trojan-activity;sid:84727900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864801)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864801/; classtype:trojan-activity;sid:84727901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864802)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864802/; classtype:trojan-activity;sid:84727902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864803)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864803/; classtype:trojan-activity;sid:84727903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864804)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864804/; classtype:trojan-activity;sid:84727904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864805)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864805/; classtype:trojan-activity;sid:84727905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864806)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864806/; classtype:trojan-activity;sid:84727906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864807/; classtype:trojan-activity;sid:84727907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864808/; classtype:trojan-activity;sid:84727908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864796/; classtype:trojan-activity;sid:84727896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864797/; classtype:trojan-activity;sid:84727897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864798)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864798/; classtype:trojan-activity;sid:84727898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864799)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864799/; classtype:trojan-activity;sid:84727899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864795/; classtype:trojan-activity;sid:84727895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864794/; classtype:trojan-activity;sid:84727894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864793)"; flow:established,from_client; content:"GET"; http_method; content:"/e100b367-ecf6-41a7-a832-59e9eed7ffb4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xrexe.bookdrive.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864793/; classtype:trojan-activity;sid:84727893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.236.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864792/; classtype:trojan-activity;sid:84727892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.3.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864791/; classtype:trojan-activity;sid:84727891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864790)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=27925330-01b4-4e04-b077-227f05e04e2d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"h4z6bu79.akhbarsport.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864790/; classtype:trojan-activity;sid:84727890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864789/; classtype:trojan-activity;sid:84727889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.50.148.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864788/; classtype:trojan-activity;sid:84727888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864787)"; flow:established,from_client; content:"GET"; http_method; content:"/103d6889-6e12-44d9-9b49-ea5952cc9014"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"onnzlkiy.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864787/; classtype:trojan-activity;sid:84727887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.227.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864786/; classtype:trojan-activity;sid:84727886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.241.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864785/; classtype:trojan-activity;sid:84727885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.3.251"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864784/; classtype:trojan-activity;sid:84727884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864783)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.ppc440"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864783/; classtype:trojan-activity;sid:84727883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864780)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864780/; classtype:trojan-activity;sid:84727880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864781)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864781/; classtype:trojan-activity;sid:84727881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864782)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864782/; classtype:trojan-activity;sid:84727882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864777)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864777/; classtype:trojan-activity;sid:84727877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864778)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864778/; classtype:trojan-activity;sid:84727878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864779)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864779/; classtype:trojan-activity;sid:84727879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864776)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_aarch64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864776/; classtype:trojan-activity;sid:84727876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864768)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864768/; classtype:trojan-activity;sid:84727868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864769)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864769/; classtype:trojan-activity;sid:84727869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864770)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864770/; classtype:trojan-activity;sid:84727870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864771)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64el"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864771/; classtype:trojan-activity;sid:84727871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864772)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864772/; classtype:trojan-activity;sid:84727872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864773)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864773/; classtype:trojan-activity;sid:84727873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864774)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864774/; classtype:trojan-activity;sid:84727874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864775)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864775/; classtype:trojan-activity;sid:84727875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864767)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.119.13.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864767/; classtype:trojan-activity;sid:84727867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.242.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864766/; classtype:trojan-activity;sid:84727866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.50.148.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864765/; classtype:trojan-activity;sid:84727865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864764/; classtype:trojan-activity;sid:84727864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.24.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864763/; classtype:trojan-activity;sid:84727863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.241.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864762/; classtype:trojan-activity;sid:84727862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864761)"; flow:established,from_client; content:"GET"; http_method; content:"/output_86.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.119.3.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864761/; classtype:trojan-activity;sid:84727861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864760/; classtype:trojan-activity;sid:84727860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864759)"; flow:established,from_client; content:"GET"; http_method; content:"/b19a75f0-f4ae-4e17-9069-adeec525d6c5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mukvsxft.sazebetonarme.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864759/; classtype:trojan-activity;sid:84727859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864758)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.227.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864758/; classtype:trojan-activity;sid:84727858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.77.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864757/; classtype:trojan-activity;sid:84727857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864756/; classtype:trojan-activity;sid:84727856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.232.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864755/; classtype:trojan-activity;sid:84727855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.242.137.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864754/; classtype:trojan-activity;sid:84727854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864753/; classtype:trojan-activity;sid:84727853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864751)"; flow:established,from_client; content:"GET"; http_method; content:"/dick.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.148.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864751/; classtype:trojan-activity;sid:84727851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.67.158.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864752/; classtype:trojan-activity;sid:84727852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.166.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864749/; classtype:trojan-activity;sid:84727849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864750)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"policeonliine2026.vercel.app"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864750/; classtype:trojan-activity;sid:84727850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864746)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c00e71adddd6740e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864746/; classtype:trojan-activity;sid:84727846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864747)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6b58124b24e186cf.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864747/; classtype:trojan-activity;sid:84727847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864748)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/072cfe24-aace-432d-a7d7-a20945261951/microsoftteamsupdate.msi"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"store1.gofile.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864748/; classtype:trojan-activity;sid:84727848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864745)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c97ecfeaa6eec157.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864745/; classtype:trojan-activity;sid:84727845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864744)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=aaafc769-ed3f-4200-a620-48a9d9e7a3f3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nrqyn3ip.garatequran.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864744/; classtype:trojan-activity;sid:84727844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864743)"; flow:established,from_client; content:"GET"; http_method; content:"/9a888675-964e-42f5-8187-968d29deef86"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fhprjdfj.sanjeshvaandazegiri.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864743/; classtype:trojan-activity;sid:84727843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864742/; classtype:trojan-activity;sid:84727842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.242.137.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864741/; classtype:trojan-activity;sid:84727841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864740)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.94.92.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864740/; classtype:trojan-activity;sid:84727840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864739)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864739/; classtype:trojan-activity;sid:84727839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864738)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.94.92.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864738/; classtype:trojan-activity;sid:84727838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864736)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.94.92.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864736/; classtype:trojan-activity;sid:84727836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864737)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.94.92.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864737/; classtype:trojan-activity;sid:84727837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864735)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"80.94.92.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864735/; classtype:trojan-activity;sid:84727835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.49.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864734/; classtype:trojan-activity;sid:84727834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864733)"; flow:established,from_client; content:"GET"; http_method; content:"/5a5856b6-5ac4-4104-950b-01e928f3ab8d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yqzbm.barnamenevisi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864733/; classtype:trojan-activity;sid:84727833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864732/; classtype:trojan-activity;sid:84727832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.150.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864731/; classtype:trojan-activity;sid:84727831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864730)"; flow:established,from_client; content:"GET"; http_method; content:"/e19c2c74-2c32-4567-ac94-2e37e701f082"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"maryaxdn.sanjeshravani.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864730/; classtype:trojan-activity;sid:84727830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864729)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a06c6046-33db-4fc4-8367-971293307ac9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"fpsjq82d.shartbandifootballkade.online"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864729/; classtype:trojan-activity;sid:84727829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864728)"; flow:established,from_client; content:"GET"; http_method; content:"/kmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864728/; classtype:trojan-activity;sid:84727828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"23.148.144.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864727/; classtype:trojan-activity;sid:84727827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.148.144.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864723/; classtype:trojan-activity;sid:84727823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.148.144.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864724/; classtype:trojan-activity;sid:84727824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.242.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864725/; classtype:trojan-activity;sid:84727825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"23.146.242.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864726/; classtype:trojan-activity;sid:84727826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864722/; classtype:trojan-activity;sid:84727822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864721)"; flow:established,from_client; content:"GET"; http_method; content:"/karm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864721/; classtype:trojan-activity;sid:84727821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864714)"; flow:established,from_client; content:"GET"; http_method; content:"/karm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864714/; classtype:trojan-activity;sid:84727814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864715)"; flow:established,from_client; content:"GET"; http_method; content:"/lul.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864715/; classtype:trojan-activity;sid:84727815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864716)"; flow:established,from_client; content:"GET"; http_method; content:"/karm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864716/; classtype:trojan-activity;sid:84727816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864717)"; flow:established,from_client; content:"GET"; http_method; content:"/karm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864717/; classtype:trojan-activity;sid:84727817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864718)"; flow:established,from_client; content:"GET"; http_method; content:"/kmpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864718/; classtype:trojan-activity;sid:84727818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864719)"; flow:established,from_client; content:"GET"; http_method; content:"/tul.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864719/; classtype:trojan-activity;sid:84727819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864720)"; flow:established,from_client; content:"GET"; http_method; content:"/lul.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864720/; classtype:trojan-activity;sid:84727820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864713)"; flow:established,from_client; content:"GET"; http_method; content:"/lul.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.223.82.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864713/; classtype:trojan-activity;sid:84727813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864712/; classtype:trojan-activity;sid:84727812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864711)"; flow:established,from_client; content:"GET"; http_method; content:"/6221f596-557c-4ee4-b959-b95791576ac0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bcfrgjpx.sakhtemandade.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864711/; classtype:trojan-activity;sid:84727811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.220.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864710/; classtype:trojan-activity;sid:84727810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864709)"; flow:established,from_client; content:"GET"; http_method; content:"/5bf76801-ba53-4d8b-9cd5-90988b1f2116"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vazqhwad.sadreislam.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864709/; classtype:trojan-activity;sid:84727809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.220.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864708/; classtype:trojan-activity;sid:84727808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864707/; classtype:trojan-activity;sid:84727807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864706)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=03634b15-1e50-421f-b0fb-c7c1f5242acd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qilapvvt.ganuneasasi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864706/; classtype:trojan-activity;sid:84727806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864705)"; flow:established,from_client; content:"GET"; http_method; content:"/a585e437-f996-4efa-916c-4bbad2290c8f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pnuwf.bankefile.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864705/; classtype:trojan-activity;sid:84727805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864704)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6106c9f6-2ff1-4f99-8711-1d19b7af7f1b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"yl1r3n6e.shartbandifootballkade.online"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864704/; classtype:trojan-activity;sid:84727804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864703)"; flow:established,from_client; content:"GET"; http_method; content:"/1b429b91-a801-4b60-9aff-da22e9b182b3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"utnoqzc.melbetkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864703/; classtype:trojan-activity;sid:84727803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864702)"; flow:established,from_client; content:"GET"; http_method; content:"/abf44237-8254-463d-8d53-457b384ef5e2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pauheuld.questionsmotor.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864702/; classtype:trojan-activity;sid:84727802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.157.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864701/; classtype:trojan-activity;sid:84727801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.4.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864700/; classtype:trojan-activity;sid:84727800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.47.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864699/; classtype:trojan-activity;sid:84727799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864698/; classtype:trojan-activity;sid:84727798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.220.145.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864697/; classtype:trojan-activity;sid:84727797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.182.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864696/; classtype:trojan-activity;sid:84727796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864695)"; flow:established,from_client; content:"GET"; http_method; content:"/33497cf8-28be-4556-82eb-c6cb58f74919"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"everztsi.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864695/; classtype:trojan-activity;sid:84727795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.9.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864694/; classtype:trojan-activity;sid:84727794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.47.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864693/; classtype:trojan-activity;sid:84727793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.182.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864692/; classtype:trojan-activity;sid:84727792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864691/; classtype:trojan-activity;sid:84727791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.179.88.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864690/; classtype:trojan-activity;sid:84727790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.127.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864689/; classtype:trojan-activity;sid:84727789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.247.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864688/; classtype:trojan-activity;sid:84727788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.242.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864687/; classtype:trojan-activity;sid:84727787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864686)"; flow:established,from_client; content:"GET"; http_method; content:"/cd00127f-f290-41e4-a828-1f87145ca4c5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tblrdccw.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864686/; classtype:trojan-activity;sid:84727786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864685/; classtype:trojan-activity;sid:84727785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864684/; classtype:trojan-activity;sid:84727784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864683/; classtype:trojan-activity;sid:84727783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864682)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d41d9a01-e96c-4e7b-aca8-f7580ad4d3eb"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"543533s9.nagshekeshi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864682/; classtype:trojan-activity;sid:84727782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.27.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864681/; classtype:trojan-activity;sid:84727781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864680)"; flow:established,from_client; content:"GET"; http_method; content:"/e5a86ae5-a9e9-4dd5-81d6-4415606fc1cb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tawej.bankefiile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864680/; classtype:trojan-activity;sid:84727780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864679)"; flow:established,from_client; content:"GET"; http_method; content:"/00e1ee19-4c81-4043-a499-43d8f935a0cc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fkwiyfrv.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864679/; classtype:trojan-activity;sid:84727779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864678)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=23d6a378-6e9d-4926-a03b-a63b7198edbc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7y077du1.enfejarkade.online"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864678/; classtype:trojan-activity;sid:84727778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.167.224.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864677/; classtype:trojan-activity;sid:84727777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864676)"; flow:established,from_client; content:"GET"; http_method; content:"/683d4635-b1e0-4cb0-8815-d59949166ee2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lvegwzzz.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864676/; classtype:trojan-activity;sid:84727776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864675/; classtype:trojan-activity;sid:84727775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864674)"; flow:established,from_client; content:"GET"; http_method; content:"/2c95b6da-0fd9-42f6-86e7-b6829178737c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lhpahogn.karafarini.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864674/; classtype:trojan-activity;sid:84727774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.237.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864673/; classtype:trojan-activity;sid:84727773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.34.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864672/; classtype:trojan-activity;sid:84727772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.34.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864671/; classtype:trojan-activity;sid:84727771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864670)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6411e125-68f0-46c4-aaf8-d9f7a0a4bcf3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sdppicy4.shansline.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864670/; classtype:trojan-activity;sid:84727770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.100.132.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864669/; classtype:trojan-activity;sid:84727769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864668)"; flow:established,from_client; content:"GET"; http_method; content:"/cb923bef-04d8-45bf-b0f4-bdd253aff14e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qelljcx.megaparikade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864668/; classtype:trojan-activity;sid:84727768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.196.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864667/; classtype:trojan-activity;sid:84727767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864666/; classtype:trojan-activity;sid:84727766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864665)"; flow:established,from_client; content:"GET"; http_method; content:"/a5735095-434f-4e01-9b16-d7b66d90ec96"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xiazx.azmoonzare.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864665/; classtype:trojan-activity;sid:84727765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864664)"; flow:established,from_client; content:"GET"; http_method; content:"/bcde484a-5c02-4f55-b844-02551a80424c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bgfwrtgo.jam-jahani.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864664/; classtype:trojan-activity;sid:84727764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.132.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864663/; classtype:trojan-activity;sid:84727763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.196.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864662/; classtype:trojan-activity;sid:84727762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.118.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864661/; classtype:trojan-activity;sid:84727761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864660)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=15ee193a-365d-4bf3-b08a-86fc71d9a1f3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"q6ewl5b2.casinokade.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864660/; classtype:trojan-activity;sid:84727760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864659)"; flow:established,from_client; content:"GET"; http_method; content:"/adc55840-71f5-451e-9521-c9308c34ee5e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"twmpoxnh.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864659/; classtype:trojan-activity;sid:84727759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.59.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864657/; classtype:trojan-activity;sid:84727757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864658/; classtype:trojan-activity;sid:84727758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.193.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864655/; classtype:trojan-activity;sid:84727755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864656/; classtype:trojan-activity;sid:84727756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.193.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864654/; classtype:trojan-activity;sid:84727754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864653/; classtype:trojan-activity;sid:84727753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864652)"; flow:established,from_client; content:"GET"; http_method; content:"/0294fa63-458e-417a-a250-cc00d81b6795"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cwpjgrng.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864652/; classtype:trojan-activity;sid:84727752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.18.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_15; reference:url, urlhaus.abuse.ch/url/3864651/; classtype:trojan-activity;sid:84727751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864650)"; flow:established,from_client; content:"GET"; http_method; content:"/bc6de1c8-82ed-4e30-af1d-eae42754b3ba"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wxlfp.motorbook.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864650/; classtype:trojan-activity;sid:84727750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864649)"; flow:established,from_client; content:"GET"; http_method; content:"/c085d521-cb10-4e60-8191-117bfe9a736c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"idcmamvr.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864649/; classtype:trojan-activity;sid:84727749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.18.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864648/; classtype:trojan-activity;sid:84727748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.251.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864647/; classtype:trojan-activity;sid:84727747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864646/; classtype:trojan-activity;sid:84727746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864645)"; flow:established,from_client; content:"GET"; http_method; content:"/1abab7ca-15bf-45f7-acec-9ce0a13f9009"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ldbrrvwc.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864645/; classtype:trojan-activity;sid:84727745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.182.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864644/; classtype:trojan-activity;sid:84727744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864643/; classtype:trojan-activity;sid:84727743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.91.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864641/; classtype:trojan-activity;sid:84727741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.182.239.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864642/; classtype:trojan-activity;sid:84727742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.5.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864640/; classtype:trojan-activity;sid:84727740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864639)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4d484c51-cb81-4b7a-825b-34ad656e518a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"r7mbajwk.bordestan.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864639/; classtype:trojan-activity;sid:84727739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864638)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.182.239.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864638/; classtype:trojan-activity;sid:84727738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864637)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d418f9b5-5c26-4072-a439-6ecec91483ff"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"q5r1s83i.shartmag.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864637/; classtype:trojan-activity;sid:84727737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864636)"; flow:established,from_client; content:"GET"; http_method; content:"/1a3afd54-ee9b-4230-a75f-68e6ed180c56"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"iyejvhz.shansbartar.bet"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864636/; classtype:trojan-activity;sid:84727736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864635/; classtype:trojan-activity;sid:84727735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.80.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864634/; classtype:trojan-activity;sid:84727734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.182.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864633/; classtype:trojan-activity;sid:84727733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.193.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864632/; classtype:trojan-activity;sid:84727732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864631)"; flow:established,from_client; content:"GET"; http_method; content:"/1c9c47bd-f7bc-44e4-908c-82b6a1f5e7c7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rfvxpytm.psgnewsiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864631/; classtype:trojan-activity;sid:84727731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.18.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864630/; classtype:trojan-activity;sid:84727730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.140.35.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864629/; classtype:trojan-activity;sid:84727729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.63.185.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864628/; classtype:trojan-activity;sid:84727728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.80.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864627/; classtype:trojan-activity;sid:84727727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.18.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864626/; classtype:trojan-activity;sid:84727726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864625/; classtype:trojan-activity;sid:84727725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864624)"; flow:established,from_client; content:"GET"; http_method; content:"/3e25423e-77ac-4d3c-a31a-c69495774c23"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zywnzrqf.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864624/; classtype:trojan-activity;sid:84727724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864623)"; flow:established,from_client; content:"GET"; http_method; content:"/b37bcd63-5dae-437f-a89f-bbb72d9841f1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ipiyt.moshavereravan.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864623/; classtype:trojan-activity;sid:84727723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864622)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5c80212b-1dd2-4b26-a687-6666f7c4ae74"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rduzbygb.mustatabashpazi.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864622/; classtype:trojan-activity;sid:84727722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864619)"; flow:established,from_client; content:"GET"; http_method; content:"/nmixx.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864619/; classtype:trojan-activity;sid:84727719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864620)"; flow:established,from_client; content:"GET"; http_method; content:"/us.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864620/; classtype:trojan-activity;sid:84727720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864621)"; flow:established,from_client; content:"GET"; http_method; content:"/nmix.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864621/; classtype:trojan-activity;sid:84727721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864618/; classtype:trojan-activity;sid:84727718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.98.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864617/; classtype:trojan-activity;sid:84727717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.193.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864616/; classtype:trojan-activity;sid:84727716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864615/; classtype:trojan-activity;sid:84727715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864614)"; flow:established,from_client; content:"GET"; http_method; content:"/f31599b5-46f7-4078-aad4-d560453d5e16"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"igcokmdd.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864614/; classtype:trojan-activity;sid:84727714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.91.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864613/; classtype:trojan-activity;sid:84727713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.254.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864612/; classtype:trojan-activity;sid:84727712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864611)"; flow:established,from_client; content:"GET"; http_method; content:"/b657f4ef-fa14-46a2-95a9-be50525e3be0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"aasdaonz.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864611/; classtype:trojan-activity;sid:84727711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.237.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864610/; classtype:trojan-activity;sid:84727710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.19.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864609/; classtype:trojan-activity;sid:84727709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864608)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=45fe5de3-775f-49d9-8223-b09e26135777"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qj2ddn7c.zabanmemari.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864608/; classtype:trojan-activity;sid:84727708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.254.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864607/; classtype:trojan-activity;sid:84727707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864606/; classtype:trojan-activity;sid:84727706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864605)"; flow:established,from_client; content:"GET"; http_method; content:"/87e94c82-8c29-4b7f-aee1-9b0ad41c70e8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"irtefuln.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864605/; classtype:trojan-activity;sid:84727705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.179.88.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864604/; classtype:trojan-activity;sid:84727704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864603)"; flow:established,from_client; content:"GET"; http_method; content:"/yui/86u5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.214.53.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864603/; classtype:trojan-activity;sid:84727703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864599)"; flow:established,from_client; content:"GET"; http_method; content:"/yui/ar712"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.214.53.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864599/; classtype:trojan-activity;sid:84727699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864600)"; flow:established,from_client; content:"GET"; http_method; content:"/yui/86u4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.214.53.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864600/; classtype:trojan-activity;sid:84727700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864601)"; flow:established,from_client; content:"GET"; http_method; content:"/yui/ar512"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.214.53.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864601/; classtype:trojan-activity;sid:84727701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864602)"; flow:established,from_client; content:"GET"; http_method; content:"/yui/m4y"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.214.53.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864602/; classtype:trojan-activity;sid:84727702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864598)"; flow:established,from_client; content:"GET"; http_method; content:"/33c08169-d87c-4280-8d6e-2b67130f6a57"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zxokl.mabaninazaridelavar.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864598/; classtype:trojan-activity;sid:84727698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.19.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864597/; classtype:trojan-activity;sid:84727697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864596)"; flow:established,from_client; content:"GET"; http_method; content:"/79a5b0ac-cdb7-4023-a710-7280374751e1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dtgncsqn.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864596/; classtype:trojan-activity;sid:84727696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.231.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864595/; classtype:trojan-activity;sid:84727695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864594/; classtype:trojan-activity;sid:84727694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.38.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864593/; classtype:trojan-activity;sid:84727693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864592/; classtype:trojan-activity;sid:84727692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864590)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bitter-handsome-truck.digivmm.katapult.cloud"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864590/; classtype:trojan-activity;sid:84727690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864591)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bitter-handsome-truck.digivmm.katapult.cloud"; http_host; depth:44; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864591/; classtype:trojan-activity;sid:84727691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864589)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"152.89.76.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864589/; classtype:trojan-activity;sid:84727689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864588)"; flow:established,from_client; content:"GET"; http_method; content:"/monero.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.89.76.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864588/; classtype:trojan-activity;sid:84727688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.231.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864587/; classtype:trojan-activity;sid:84727687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.247.87.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864586/; classtype:trojan-activity;sid:84727686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864585/; classtype:trojan-activity;sid:84727685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864584)"; flow:established,from_client; content:"GET"; http_method; content:"/c6283d6e-0b96-40ae-bfe6-4dfba30cf762"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xtyqemyq.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864584/; classtype:trojan-activity;sid:84727684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.69.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864583/; classtype:trojan-activity;sid:84727683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.151.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864582/; classtype:trojan-activity;sid:84727682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864581)"; flow:established,from_client; content:"GET"; http_method; content:"/1476d4eb-7aa8-4ded-ba64-1db4dd15fca4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qchwdca.rocketbet.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864581/; classtype:trojan-activity;sid:84727681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864580)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d24d4db3-f3e0-4245-8943-d508b5b1d46a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rne9p9if.shartbandikade.online"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864580/; classtype:trojan-activity;sid:84727680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864579/; classtype:trojan-activity;sid:84727679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864578/; classtype:trojan-activity;sid:84727678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864577)"; flow:established,from_client; content:"GET"; http_method; content:"/69062b94-c1b7-4be1-88cd-17679755d67e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fsphwjzi.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864577/; classtype:trojan-activity;sid:84727677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.241.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864576/; classtype:trojan-activity;sid:84727676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.58.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864575/; classtype:trojan-activity;sid:84727675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864574)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9dc854ba-db5a-41a0-b72e-619b9f927b92"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"g7of4qhx.zabanhaggani.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864574/; classtype:trojan-activity;sid:84727674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864573)"; flow:established,from_client; content:"GET"; http_method; content:"/2ab9216d-5c2b-4296-a7bb-01c13617b79d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kagug.mabaninazari.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864573/; classtype:trojan-activity;sid:84727673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.227.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864572/; classtype:trojan-activity;sid:84727672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864571)"; flow:established,from_client; content:"GET"; http_method; content:"/3d2de796-fef6-4027-b67d-009f9e15b964"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"emqtqmnj.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864571/; classtype:trojan-activity;sid:84727671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.241.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864570/; classtype:trojan-activity;sid:84727670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.241.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864569/; classtype:trojan-activity;sid:84727669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864568/; classtype:trojan-activity;sid:84727668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864567/; classtype:trojan-activity;sid:84727667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864566)"; flow:established,from_client; content:"GET"; http_method; content:"/72c4bc63-821e-4c58-990c-7a4cfdb8e58d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cfwrfrqx.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864566/; classtype:trojan-activity;sid:84727666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.51.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864565/; classtype:trojan-activity;sid:84727665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.236.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864564/; classtype:trojan-activity;sid:84727664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.151.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864563/; classtype:trojan-activity;sid:84727663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.236.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864562/; classtype:trojan-activity;sid:84727662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.58.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864561/; classtype:trojan-activity;sid:84727661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864560/; classtype:trojan-activity;sid:84727660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864559)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a3e47055e098a7f8.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864559/; classtype:trojan-activity;sid:84727659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864558)"; flow:established,from_client; content:"GET"; http_method; content:"/d54e501c-b565-4f5e-814a-4f1b29588ae5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ockpahmv.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864558/; classtype:trojan-activity;sid:84727658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864557/; classtype:trojan-activity;sid:84727657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.233.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864556/; classtype:trojan-activity;sid:84727656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.57.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864555/; classtype:trojan-activity;sid:84727655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.75.13.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864554/; classtype:trojan-activity;sid:84727654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864553/; classtype:trojan-activity;sid:84727653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864552/; classtype:trojan-activity;sid:84727652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864551)"; flow:established,from_client; content:"GET"; http_method; content:"/29eb7140-b04b-4014-9332-bbacd90534f5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"shrqj.mabanimashin.site"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864551/; classtype:trojan-activity;sid:84727651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864550)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"video7566.vercel.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864550/; classtype:trojan-activity;sid:84727650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864549)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a7796ba1-14ae-42ec-9ae9-c96db1cdb3c4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"of8p7ob4.mururhesabdari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864549/; classtype:trojan-activity;sid:84727649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864548)"; flow:established,from_client; content:"GET"; http_method; content:"/ok"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.182.210.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864548/; classtype:trojan-activity;sid:84727648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864547)"; flow:established,from_client; content:"GET"; http_method; content:"/fa283f87-fd18-405a-add5-7bdac374ab40"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fcsulewd.karafarini.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864547/; classtype:trojan-activity;sid:84727647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.75.13.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864546/; classtype:trojan-activity;sid:84727646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.57.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864545/; classtype:trojan-activity;sid:84727645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864544)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9d946edb-9321-4e91-b022-26d6fd36d963"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"npmc4uw2.zabanenglishanari.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864544/; classtype:trojan-activity;sid:84727644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.233.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864543/; classtype:trojan-activity;sid:84727643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.51.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864542/; classtype:trojan-activity;sid:84727642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.62.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864540/; classtype:trojan-activity;sid:84727640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.62.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864541/; classtype:trojan-activity;sid:84727641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864539)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=08711c72-b549-4aa4-a739-bbe0df0f976c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sw9k00e8.shartbandifootballkade.online"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864539/; classtype:trojan-activity;sid:84727639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864538)"; flow:established,from_client; content:"GET"; http_method; content:"/49750f58-70a0-4bc9-a794-e8f0b8a6e0d2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xntwroz.melbetkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864538/; classtype:trojan-activity;sid:84727638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864537)"; flow:established,from_client; content:"GET"; http_method; content:"/904cb344-01c1-4e71-bbaa-785172667e72"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"aaqgnsji.jam-jahani.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864537/; classtype:trojan-activity;sid:84727637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.171.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864536/; classtype:trojan-activity;sid:84727636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.29.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864535/; classtype:trojan-activity;sid:84727635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864534)"; flow:established,from_client; content:"GET"; http_method; content:"/24d1c883-fc9e-4d37-a4c2-bbebe9ba7c95"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ojblxlua.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864534/; classtype:trojan-activity;sid:84727634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.176.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864533/; classtype:trojan-activity;sid:84727633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864532/; classtype:trojan-activity;sid:84727632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864531)"; flow:established,from_client; content:"GET"; http_method; content:"/444/16020572.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"27.124.40.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864531/; classtype:trojan-activity;sid:84727631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864530)"; flow:established,from_client; content:"GET"; http_method; content:"/444/chart.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"27.124.40.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864530/; classtype:trojan-activity;sid:84727630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.103.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864529/; classtype:trojan-activity;sid:84727629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864528)"; flow:established,from_client; content:"GET"; http_method; content:"/7a8011a7-cc17-4af0-abc3-df98ab7daf5a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rteutcjg.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864528/; classtype:trojan-activity;sid:84727628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864527)"; flow:established,from_client; content:"GET"; http_method; content:"/84f6698d-87bc-4c8a-8770-bd4f669c61e5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ajthn.mabanieslami2.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864527/; classtype:trojan-activity;sid:84727627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864526)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b99062f2d7807484.ps1"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864526/; classtype:trojan-activity;sid:84727626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.4.140.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864525/; classtype:trojan-activity;sid:84727625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.4.140.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864524/; classtype:trojan-activity;sid:84727624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.164.107.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864523/; classtype:trojan-activity;sid:84727623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.80.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864522/; classtype:trojan-activity;sid:84727622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.164.107.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864521/; classtype:trojan-activity;sid:84727621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864520)"; flow:established,from_client; content:"GET"; http_method; content:"/47462296-2501-4eaf-8e3f-4ca0565f69a6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zrbhitjy.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864520/; classtype:trojan-activity;sid:84727620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864519)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fe1d1674-63bb-4185-ada9-ffa5c2b0f99f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"21g49hcq.vanatarsim.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864519/; classtype:trojan-activity;sid:84727619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.12.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864518/; classtype:trojan-activity;sid:84727618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.88.7.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864517/; classtype:trojan-activity;sid:84727617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864516/; classtype:trojan-activity;sid:84727616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.88.7.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864515/; classtype:trojan-activity;sid:84727615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864514)"; flow:established,from_client; content:"GET"; http_method; content:"/95adcf96-ee01-42aa-bab0-bcd1e5cb36bc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mxlsapwz.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864514/; classtype:trojan-activity;sid:84727614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.39.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864513/; classtype:trojan-activity;sid:84727613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.124.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864512/; classtype:trojan-activity;sid:84727612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864511)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.139.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864511/; classtype:trojan-activity;sid:84727611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.93.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864510/; classtype:trojan-activity;sid:84727610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864509/; classtype:trojan-activity;sid:84727609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.39.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864508/; classtype:trojan-activity;sid:84727608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864507)"; flow:established,from_client; content:"GET"; http_method; content:"/bf42f494-df81-4b19-9165-84b31372fef8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lvtimaax.usoleamoozesh.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864507/; classtype:trojan-activity;sid:84727607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864506)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=861070b8-153d-447e-8bd7-de5b242950e7"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sxzvcen2.shansline.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864506/; classtype:trojan-activity;sid:84727606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864505)"; flow:established,from_client; content:"GET"; http_method; content:"/5fe3f645-285a-447b-914e-40e6d469f185"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ygyam.livefootba11.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864505/; classtype:trojan-activity;sid:84727605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864504)"; flow:established,from_client; content:"GET"; http_method; content:"/795dba88-1861-4a71-85cc-e1304fd1625f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"eviwuji.megaparikade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864504/; classtype:trojan-activity;sid:84727604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.227.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864503/; classtype:trojan-activity;sid:84727603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.114.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864502/; classtype:trojan-activity;sid:84727602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.241.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864501/; classtype:trojan-activity;sid:84727601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.111.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864500/; classtype:trojan-activity;sid:84727600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864499)"; flow:established,from_client; content:"GET"; http_method; content:"/9ca8895f-5e51-44e7-85b1-1fecacef1f08"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wbnggxoc.tractor11.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864499/; classtype:trojan-activity;sid:84727599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.92.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864498/; classtype:trojan-activity;sid:84727598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.240.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864497/; classtype:trojan-activity;sid:84727597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.0.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864496/; classtype:trojan-activity;sid:84727596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.111.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864495/; classtype:trojan-activity;sid:84727595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864494)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d621d067-1cc7-44d3-8067-c62247942532"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4v96patx.vajename.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864494/; classtype:trojan-activity;sid:84727594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864493)"; flow:established,from_client; content:"GET"; http_method; content:"/43bb9d8d-11d4-4085-9f75-89c83be8e552"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cqtwbvlx.testranandegi.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864493/; classtype:trojan-activity;sid:84727593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864492/; classtype:trojan-activity;sid:84727592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.124.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864491/; classtype:trojan-activity;sid:84727591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864488)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"infosvo2026.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864488/; classtype:trojan-activity;sid:84727588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864489)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"bazasvo2026.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864489/; classtype:trojan-activity;sid:84727589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864490)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"svo-name-poisk.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864490/; classtype:trojan-activity;sid:84727590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864487)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"policeonlaine2026.vercel.app"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864487/; classtype:trojan-activity;sid:84727587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.114.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864486/; classtype:trojan-activity;sid:84727586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.34.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864485/; classtype:trojan-activity;sid:84727585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864484/; classtype:trojan-activity;sid:84727584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.3.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864483/; classtype:trojan-activity;sid:84727583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864482)"; flow:established,from_client; content:"GET"; http_method; content:"/7ac6dd4b-732c-46d9-8bd0-1d1a7615db5c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xyxoieix.testpaye.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864482/; classtype:trojan-activity;sid:84727582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.245.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864481/; classtype:trojan-activity;sid:84727581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864480/; classtype:trojan-activity;sid:84727580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864479)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e6c59be8-ae1e-4e16-b98d-7dce8ef9d35b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"m85zqt33.motuntakhasosi.store"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864479/; classtype:trojan-activity;sid:84727579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864478)"; flow:established,from_client; content:"GET"; http_method; content:"/9fe38289-c027-4c33-be5e-65157b9b5f61"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sujjp.ecologyardakani.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864478/; classtype:trojan-activity;sid:84727578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864477/; classtype:trojan-activity;sid:84727577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.245.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864476/; classtype:trojan-activity;sid:84727576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.34.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864475/; classtype:trojan-activity;sid:84727575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864474/; classtype:trojan-activity;sid:84727574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864473)"; flow:established,from_client; content:"GET"; http_method; content:"/86c8df2e-d9ab-4695-8cd1-a6161c4a087b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zggkpuuy.testdrivepaye3.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864473/; classtype:trojan-activity;sid:84727573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.3.226"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864472/; classtype:trojan-activity;sid:84727572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864471)"; flow:established,from_client; content:"GET"; http_method; content:"/default.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"tuasesoriadigital.es"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864471/; classtype:trojan-activity;sid:84727571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.88.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864470/; classtype:trojan-activity;sid:84727570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864469)"; flow:established,from_client; content:"GET"; http_method; content:"/default.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"tuasesoriadigital.es"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864469/; classtype:trojan-activity;sid:84727569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864468)"; flow:established,from_client; content:"GET"; http_method; content:"/87/img_015059.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864468/; classtype:trojan-activity;sid:84727568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864467)"; flow:established,from_client; content:"GET"; http_method; content:"/87/goodthingswithbetterworldcoming.hta"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"107.172.235.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864467/; classtype:trojan-activity;sid:84727567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864466)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"secure-code.lol"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864466/; classtype:trojan-activity;sid:84727566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864459)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864459/; classtype:trojan-activity;sid:84727559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864460)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864460/; classtype:trojan-activity;sid:84727560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864461)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864461/; classtype:trojan-activity;sid:84727561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864462)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864462/; classtype:trojan-activity;sid:84727562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864463)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864463/; classtype:trojan-activity;sid:84727563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864464)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864464/; classtype:trojan-activity;sid:84727564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864465)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864465/; classtype:trojan-activity;sid:84727565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864457)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864457/; classtype:trojan-activity;sid:84727557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864458)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864458/; classtype:trojan-activity;sid:84727558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864456)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864456/; classtype:trojan-activity;sid:84727556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864454)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864454/; classtype:trojan-activity;sid:84727554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864455)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864455/; classtype:trojan-activity;sid:84727555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.74.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864453/; classtype:trojan-activity;sid:84727553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864447)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864447/; classtype:trojan-activity;sid:84727547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864448)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864448/; classtype:trojan-activity;sid:84727548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864449)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864449/; classtype:trojan-activity;sid:84727549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864450)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864450/; classtype:trojan-activity;sid:84727550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864451)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864451/; classtype:trojan-activity;sid:84727551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864452)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864452/; classtype:trojan-activity;sid:84727552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864438)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864438/; classtype:trojan-activity;sid:84727538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864439)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864439/; classtype:trojan-activity;sid:84727539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864440)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864440/; classtype:trojan-activity;sid:84727540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864441)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864441/; classtype:trojan-activity;sid:84727541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864442)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864442/; classtype:trojan-activity;sid:84727542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864443)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864443/; classtype:trojan-activity;sid:84727543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864444)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864444/; classtype:trojan-activity;sid:84727544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864445)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i468"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864445/; classtype:trojan-activity;sid:84727545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864446)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864446/; classtype:trojan-activity;sid:84727546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864437)"; flow:established,from_client; content:"GET"; http_method; content:"/1b1b9b3e-b426-4d13-ac37-5acd9c852c32"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ndotkgyl.tasisathosseini.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864437/; classtype:trojan-activity;sid:84727537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.99.249.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864436/; classtype:trojan-activity;sid:84727536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864435)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton.jar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"clientkrypton.lovable.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864435/; classtype:trojan-activity;sid:84727535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.62.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864434/; classtype:trojan-activity;sid:84727534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864433)"; flow:established,from_client; content:"GET"; http_method; content:"/xw/phan.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gat-matics.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864433/; classtype:trojan-activity;sid:84727533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864432/; classtype:trojan-activity;sid:84727532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864431)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=03bf81b1-e3a3-4772-91ec-2f722801f654"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"q35f5c61.shimiumumi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864431/; classtype:trojan-activity;sid:84727531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864430)"; flow:established,from_client; content:"GET"; http_method; content:"/5ab91975-69f8-4662-b2e8-d602d4efb482"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yvrvsspv.tarikhravannovin.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864430/; classtype:trojan-activity;sid:84727530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.245.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864429/; classtype:trojan-activity;sid:84727529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.50.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864428/; classtype:trojan-activity;sid:84727528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864427)"; flow:established,from_client; content:"GET"; http_method; content:"/girls.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raz1eve.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864427/; classtype:trojan-activity;sid:84727527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864426)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptex1.4.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cryptex-core.pw"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864426/; classtype:trojan-activity;sid:84727526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.135.205.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864425/; classtype:trojan-activity;sid:84727525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864423)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.217.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864423/; classtype:trojan-activity;sid:84727523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.24.1.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864424/; classtype:trojan-activity;sid:84727524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.80.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864419/; classtype:trojan-activity;sid:84727519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.5.157"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864420/; classtype:trojan-activity;sid:84727520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.103.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864421/; classtype:trojan-activity;sid:84727521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864422)"; flow:established,from_client; content:"GET"; http_method; content:"/f6441b3f1f36535c"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"verification-js-cdn.boats"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864422/; classtype:trojan-activity;sid:84727522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.175.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864418/; classtype:trojan-activity;sid:84727518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864417)"; flow:established,from_client; content:"GET"; http_method; content:"/licenses.chromium.dat"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pub-2f1bcdf12a2e44408e7a58efe6006d43.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864417/; classtype:trojan-activity;sid:84727517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864416)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ghost.rar"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"ghost-loader.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864416/; classtype:trojan-activity;sid:84727516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864403)"; flow:established,from_client; content:"GET"; http_method; content:"/dating.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"kis2kis.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864403/; classtype:trojan-activity;sid:84727503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864404)"; flow:established,from_client; content:"GET"; http_method; content:"/dating.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"datingtj22.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864404/; classtype:trojan-activity;sid:84727504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864405)"; flow:established,from_client; content:"GET"; http_method; content:"/kiss.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"razdev11tj.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864405/; classtype:trojan-activity;sid:84727505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864406)"; flow:established,from_client; content:"GET"; http_method; content:"/sevgi.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"da-tinguz1.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864406/; classtype:trojan-activity;sid:84727506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.141.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864407/; classtype:trojan-activity;sid:84727507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864408)"; flow:established,from_client; content:"GET"; http_method; content:"/girls.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"razuz-c1c.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864408/; classtype:trojan-activity;sid:84727508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.85.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864409/; classtype:trojan-activity;sid:84727509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864410)"; flow:established,from_client; content:"GET"; http_method; content:"/sevgi.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.243.221.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864410/; classtype:trojan-activity;sid:84727510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864411)"; flow:established,from_client; content:"GET"; http_method; content:"/kiss.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.243.221.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864411/; classtype:trojan-activity;sid:84727511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864412)"; flow:established,from_client; content:"GET"; http_method; content:"/sevgi.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"uzdating1.shop"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864412/; classtype:trojan-activity;sid:84727512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864413)"; flow:established,from_client; content:"GET"; http_method; content:"/sevgi.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"taniyuz1prem.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864413/; classtype:trojan-activity;sid:84727513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864414)"; flow:established,from_client; content:"GET"; http_method; content:"/sevgi.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"topdatccing2.shop"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864414/; classtype:trojan-activity;sid:84727514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.83.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864415/; classtype:trojan-activity;sid:84727515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.40.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864399/; classtype:trojan-activity;sid:84727499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.170.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864400/; classtype:trojan-activity;sid:84727500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.191.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864401/; classtype:trojan-activity;sid:84727501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864402)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864402/; classtype:trojan-activity;sid:84727502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.89.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864398/; classtype:trojan-activity;sid:84727498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864397)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.py"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"438bab4aeb69b5.lhr.life"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864397/; classtype:trojan-activity;sid:84727497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.62.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864395/; classtype:trojan-activity;sid:84727495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864396)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b18c349c536cb383.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864396/; classtype:trojan-activity;sid:84727496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864390)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_9249b1dabee4e9fd.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864390/; classtype:trojan-activity;sid:84727490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864391)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_40474ae8c91ea37d.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864391/; classtype:trojan-activity;sid:84727491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864392)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_334c58ff73ca6c4b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864392/; classtype:trojan-activity;sid:84727492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864393/; classtype:trojan-activity;sid:84727493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864394)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b8da4488851fda52.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864394/; classtype:trojan-activity;sid:84727494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864389/; classtype:trojan-activity;sid:84727489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864388)"; flow:established,from_client; content:"GET"; http_method; content:"/cac36a1e-7e6c-4b09-86dc-589715e170e9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fkqhi.drivingbook.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864388/; classtype:trojan-activity;sid:84727488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864387)"; flow:established,from_client; content:"GET"; http_method; content:"/733b42de-d8d6-4d05-b594-a338a7bd31cc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xglycuye.tarikhcheravanshenasi.xyz"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864387/; classtype:trojan-activity;sid:84727487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864386)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c430ebcf-b315-43b6-9a07-9086b292ea45"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qlsgo9c9.shimiskoog.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864386/; classtype:trojan-activity;sid:84727486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.184.193.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864385/; classtype:trojan-activity;sid:84727485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.153.144.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864384/; classtype:trojan-activity;sid:84727484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864383)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=85bc62ac-2d8e-41db-8a0d-6b4ec0ca8b13"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"vg902zk8.sazehayefooladi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864383/; classtype:trojan-activity;sid:84727483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864382/; classtype:trojan-activity;sid:84727482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864381)"; flow:established,from_client; content:"GET"; http_method; content:"/7ba73d78-d11b-4f10-9572-a3132299848a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"crghbprm.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864381/; classtype:trojan-activity;sid:84727481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.58.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864380/; classtype:trojan-activity;sid:84727480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.50.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864379/; classtype:trojan-activity;sid:84727479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.153.144.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864378/; classtype:trojan-activity;sid:84727478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.184.193.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864377/; classtype:trojan-activity;sid:84727477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.242.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864375/; classtype:trojan-activity;sid:84727475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864376/; classtype:trojan-activity;sid:84727476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.91.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864374/; classtype:trojan-activity;sid:84727474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864373)"; flow:established,from_client; content:"GET"; http_method; content:"/571d266b-b190-4a4a-8c99-f29697ec3515"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fnuqorvu.sazebetonarme.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864373/; classtype:trojan-activity;sid:84727473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.196.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864372/; classtype:trojan-activity;sid:84727472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864371)"; flow:established,from_client; content:"GET"; http_method; content:"/596fac19-0658-4fb9-a06f-86829b056de1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"otbmu.downloadquran.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864371/; classtype:trojan-activity;sid:84727471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864370)"; flow:established,from_client; content:"GET"; http_method; content:"/b9e7ff0f-16b7-4a31-9c23-8fe83d2b3a36"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"irljgzvr.sanjeshvaandazegiri.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864370/; classtype:trojan-activity;sid:84727470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.164.8.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864369/; classtype:trojan-activity;sid:84727469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.122.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864368/; classtype:trojan-activity;sid:84727468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.122.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864367/; classtype:trojan-activity;sid:84727467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.239.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864366/; classtype:trojan-activity;sid:84727466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864364/; classtype:trojan-activity;sid:84727464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.246.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864365/; classtype:trojan-activity;sid:84727465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864363)"; flow:established,from_client; content:"GET"; http_method; content:"/feba32e2-8b2f-4d95-a7ab-6a9bd0342011"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zjkgepkj.sanjeshravani.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864363/; classtype:trojan-activity;sid:84727463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864362)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9266c65c-827a-4b18-8b69-23dcde052cac"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ztx7i07q.ravanshenasisaeedi.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864362/; classtype:trojan-activity;sid:84727462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.1.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864361/; classtype:trojan-activity;sid:84727461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.1.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864360/; classtype:trojan-activity;sid:84727460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.105.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864359/; classtype:trojan-activity;sid:84727459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.105.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864358/; classtype:trojan-activity;sid:84727458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.27.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864356/; classtype:trojan-activity;sid:84727456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.147.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864357/; classtype:trojan-activity;sid:84727457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.173.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864355/; classtype:trojan-activity;sid:84727455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864354/; classtype:trojan-activity;sid:84727454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864353)"; flow:established,from_client; content:"GET"; http_method; content:"/c606994d-42bf-4379-9125-477c3bc585e0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zujqygdq.sakhtemandade.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864353/; classtype:trojan-activity;sid:84727453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.27.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864352/; classtype:trojan-activity;sid:84727452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.198.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864351/; classtype:trojan-activity;sid:84727451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864350/; classtype:trojan-activity;sid:84727450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864349)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3628001c-973d-4f2b-8bec-c9d6a52ae275"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"f27u92nr.ravanshenasi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864349/; classtype:trojan-activity;sid:84727449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.196.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864348/; classtype:trojan-activity;sid:84727448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864347)"; flow:established,from_client; content:"GET"; http_method; content:"/ba8db969-db64-4e65-a744-45dc5bb3c651"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ggqgx.differentialmamuli.store"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864347/; classtype:trojan-activity;sid:84727447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.161.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864346/; classtype:trojan-activity;sid:84727446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864345)"; flow:established,from_client; content:"GET"; http_method; content:"/3c7492f4-7bcd-40b6-8b49-6aec3c3d71db"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zkukywuh.sadreislam.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864345/; classtype:trojan-activity;sid:84727445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864344/; classtype:trojan-activity;sid:84727444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.191.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864343/; classtype:trojan-activity;sid:84727443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.73.205.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864342/; classtype:trojan-activity;sid:84727442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.12.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864341/; classtype:trojan-activity;sid:84727441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.196.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864340/; classtype:trojan-activity;sid:84727440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.74.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864339/; classtype:trojan-activity;sid:84727439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.43.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864338/; classtype:trojan-activity;sid:84727438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.43.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864337/; classtype:trojan-activity;sid:84727437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.97.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864336/; classtype:trojan-activity;sid:84727436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864335)"; flow:established,from_client; content:"GET"; http_method; content:"/a3abca54-f2e5-4432-a87d-500e780e8724"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hogugzxj.questionsmotor.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864335/; classtype:trojan-activity;sid:84727435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.73.205.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864334/; classtype:trojan-activity;sid:84727434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.221.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864333/; classtype:trojan-activity;sid:84727433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.112.129.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864332/; classtype:trojan-activity;sid:84727432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864331/; classtype:trojan-activity;sid:84727431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.97.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864330/; classtype:trojan-activity;sid:84727430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.221.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864329/; classtype:trojan-activity;sid:84727429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864328)"; flow:established,from_client; content:"GET"; http_method; content:"/2ff77e0b-d59c-4e47-b265-84509132d33a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hduwrmy.megaparikade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864328/; classtype:trojan-activity;sid:84727428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864327/; classtype:trojan-activity;sid:84727427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864326)"; flow:established,from_client; content:"GET"; http_method; content:"/3dbd4a5b-ddef-4050-80af-6e60186c4e18"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fjagjlhm.psgnewsiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864326/; classtype:trojan-activity;sid:84727426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864310)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864310/; classtype:trojan-activity;sid:84727410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864311)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864311/; classtype:trojan-activity;sid:84727411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864312)"; flow:established,from_client; content:"GET"; http_method; content:"/nz.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864312/; classtype:trojan-activity;sid:84727412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864313)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864313/; classtype:trojan-activity;sid:84727413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864314)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864314/; classtype:trojan-activity;sid:84727414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864315)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864315/; classtype:trojan-activity;sid:84727415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864316)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864316/; classtype:trojan-activity;sid:84727416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864317)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864317/; classtype:trojan-activity;sid:84727417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864318)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864318/; classtype:trojan-activity;sid:84727418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864319)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/debug"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864319/; classtype:trojan-activity;sid:84727419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864320)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864320/; classtype:trojan-activity;sid:84727420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864321)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864321/; classtype:trojan-activity;sid:84727421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864322)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864322/; classtype:trojan-activity;sid:84727422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864323)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864323/; classtype:trojan-activity;sid:84727423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864324)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864324/; classtype:trojan-activity;sid:84727424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864325)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/nz.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864325/; classtype:trojan-activity;sid:84727425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864309)"; flow:established,from_client; content:"GET"; http_method; content:"/nz/o.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864309/; classtype:trojan-activity;sid:84727409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864308)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2acbc4b9-df9b-46c0-8ad8-68fa762ac998"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"365johfe.ravanshenasinovin.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864308/; classtype:trojan-activity;sid:84727408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.95.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864307/; classtype:trojan-activity;sid:84727407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.95.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864306/; classtype:trojan-activity;sid:84727406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864305)"; flow:established,from_client; content:"GET"; http_method; content:"/9d091c22-9ff1-4715-81c1-972bc9cb7b6d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ycnrdnqk.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864305/; classtype:trojan-activity;sid:84727405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.115.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864304/; classtype:trojan-activity;sid:84727404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864303)"; flow:established,from_client; content:"GET"; http_method; content:"/b86c3106-f287-472b-8dbf-c2de512a55f0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qlvir.differentialkerayechiyan.store"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864303/; classtype:trojan-activity;sid:84727403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.178.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864302/; classtype:trojan-activity;sid:84727402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.189.203.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864301/; classtype:trojan-activity;sid:84727401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.173.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864300/; classtype:trojan-activity;sid:84727400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.244.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864299/; classtype:trojan-activity;sid:84727399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.115.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864298/; classtype:trojan-activity;sid:84727398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864297)"; flow:established,from_client; content:"GET"; http_method; content:"/208bd4d3-cb7a-43ad-b84c-66fb96aed9aa"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gbqlwrat.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864297/; classtype:trojan-activity;sid:84727397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.90.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864296/; classtype:trojan-activity;sid:84727396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.244.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864295/; classtype:trojan-activity;sid:84727395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.196.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864294/; classtype:trojan-activity;sid:84727394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.64.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864293/; classtype:trojan-activity;sid:84727393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864292)"; flow:established,from_client; content:"GET"; http_method; content:"/b382aba8-b81f-4bb2-b632-05e41d793252"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pwzkdexx.mechanicsayalat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864292/; classtype:trojan-activity;sid:84727392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.84.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864291/; classtype:trojan-activity;sid:84727391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.161.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864290/; classtype:trojan-activity;sid:84727390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.199.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864289/; classtype:trojan-activity;sid:84727389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864287)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ec4c63fd-f857-4cec-9b81-cfd073290db2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"c3ord92p.ravanshenasiganji.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864287/; classtype:trojan-activity;sid:84727387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864288/; classtype:trojan-activity;sid:84727388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864286)"; flow:established,from_client; content:"GET"; http_method; content:"/9ce2b967-b2dc-4a0a-9d24-4ce8a8b2e6ea"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ozaauajb.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864286/; classtype:trojan-activity;sid:84727386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864285/; classtype:trojan-activity;sid:84727385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864284/; classtype:trojan-activity;sid:84727384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864283)"; flow:established,from_client; content:"GET"; http_method; content:"/7db760e6-9549-4a6b-9704-68a53c16a554"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"errmx.defamogadas.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864283/; classtype:trojan-activity;sid:84727383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864282/; classtype:trojan-activity;sid:84727382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864281/; classtype:trojan-activity;sid:84727381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864280)"; flow:established,from_client; content:"GET"; http_method; content:"/46da6600-fbc7-484c-afcf-d70e4b458548"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ipzukbru.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864280/; classtype:trojan-activity;sid:84727380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.135.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864279/; classtype:trojan-activity;sid:84727379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.67.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864278/; classtype:trojan-activity;sid:84727378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.166.67.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864277/; classtype:trojan-activity;sid:84727377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864276)"; flow:established,from_client; content:"GET"; http_method; content:"/aece5eb3-8c69-49f7-8eba-8cf91b754c7e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xreyotb.livebetkade.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864276/; classtype:trojan-activity;sid:84727376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864275)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7b801071-647e-43ca-9e0d-6bbc1704decd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"u7ezu7d6.shartmag.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864275/; classtype:trojan-activity;sid:84727375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.181.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864274/; classtype:trojan-activity;sid:84727374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864273)"; flow:established,from_client; content:"GET"; http_method; content:"/b5ad4e07-9c41-46d3-94ab-63e209ebf91b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xwtwlrkc.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864273/; classtype:trojan-activity;sid:84727373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864272/; classtype:trojan-activity;sid:84727372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.224.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864271/; classtype:trojan-activity;sid:84727371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.90.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864270/; classtype:trojan-activity;sid:84727370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.90.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864269/; classtype:trojan-activity;sid:84727369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.181.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864268/; classtype:trojan-activity;sid:84727368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.79.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864267/; classtype:trojan-activity;sid:84727367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864266)"; flow:established,from_client; content:"GET"; http_method; content:"/beb1977e-7b93-4074-bc13-77b53317e440"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qjivlnde.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864266/; classtype:trojan-activity;sid:84727366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864265/; classtype:trojan-activity;sid:84727365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864264)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a7302ac6-2002-42d1-80f0-176adb774041"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6wkjs482.nazariyeyadgiri.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864264/; classtype:trojan-activity;sid:84727364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864263)"; flow:established,from_client; content:"GET"; http_method; content:"/d0feacce-56e0-4a06-ada3-d2cb6d135ea0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xovqk.darsnamejame.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864263/; classtype:trojan-activity;sid:84727363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864262)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fb4012d6-ca01-497d-a93f-16160fa4f68b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3cxt05zy.ravanshenakhti.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864262/; classtype:trojan-activity;sid:84727362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.50.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864261/; classtype:trojan-activity;sid:84727361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.79.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864260/; classtype:trojan-activity;sid:84727360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864259)"; flow:established,from_client; content:"GET"; http_method; content:"/7d786c01-f316-48d3-a6ae-18327c14e960"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nztdbnij.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864259/; classtype:trojan-activity;sid:84727359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.120.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864258/; classtype:trojan-activity;sid:84727358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864257)"; flow:established,from_client; content:"GET"; http_method; content:"/47f7f66f-267e-4381-af44-ef0fbdedeeb3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qcfxtzci.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864257/; classtype:trojan-activity;sid:84727357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.120.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864256/; classtype:trojan-activity;sid:84727356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864255)"; flow:established,from_client; content:"GET"; http_method; content:"/14f036a7-f8f9-4027-8240-7d0b097325ca"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ptybfgjf.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864255/; classtype:trojan-activity;sid:84727355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864254/; classtype:trojan-activity;sid:84727354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864253)"; flow:established,from_client; content:"GET"; http_method; content:"/5b689f92-0232-43bd-ac4c-e5044966d790"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdppx.danestanihavarzeshi.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864253/; classtype:trojan-activity;sid:84727353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.109.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864252/; classtype:trojan-activity;sid:84727352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864251)"; flow:established,from_client; content:"GET"; http_method; content:"/88f43874-6a47-4d78-8885-41cbf77e4d50"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"efwjubk.rocketbet.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864251/; classtype:trojan-activity;sid:84727351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864250/; classtype:trojan-activity;sid:84727350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.244.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864249/; classtype:trojan-activity;sid:84727349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.90.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864248/; classtype:trojan-activity;sid:84727348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864247)"; flow:established,from_client; content:"GET"; http_method; content:"/6ff9c924-d996-4132-8dad-98b413e52e66"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qvipoojy.karafarini.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864247/; classtype:trojan-activity;sid:84727347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864246/; classtype:trojan-activity;sid:84727346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864245)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c03a3496-3590-45b5-950d-2bff7fecc2d5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7sxu8ft8.shartbandikade.online"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_14; reference:url, urlhaus.abuse.ch/url/3864245/; classtype:trojan-activity;sid:84727345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.7.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864244/; classtype:trojan-activity;sid:84727344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864243)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=614ab09c-7541-4084-b0f9-2cadfcaa27d8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8r61gwvq.ravansalamat.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864243/; classtype:trojan-activity;sid:84727343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864242/; classtype:trojan-activity;sid:84727342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864241)"; flow:established,from_client; content:"GET"; http_method; content:"/5f912ba0-d146-461a-8cb0-c7da19e2a869"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zkclsegh.jam-jahani.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864241/; classtype:trojan-activity;sid:84727341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864240/; classtype:trojan-activity;sid:84727340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864239/; classtype:trojan-activity;sid:84727339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864238/; classtype:trojan-activity;sid:84727338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.227.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864237/; classtype:trojan-activity;sid:84727337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.42.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864236/; classtype:trojan-activity;sid:84727336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864235/; classtype:trojan-activity;sid:84727335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864234)"; flow:established,from_client; content:"GET"; http_method; content:"/1c98c951-1361-48e6-9950-7e2c448f3786"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pirqlheh.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864234/; classtype:trojan-activity;sid:84727334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864233)"; flow:established,from_client; content:"GET"; http_method; content:"/62f94114-0896-4385-966c-eb08620af44d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"efxvu.daneshkhanevade.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864233/; classtype:trojan-activity;sid:84727333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.42.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864232/; classtype:trojan-activity;sid:84727332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864231)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864231/; classtype:trojan-activity;sid:84727331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864227)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864227/; classtype:trojan-activity;sid:84727327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864228)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864228/; classtype:trojan-activity;sid:84727328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864229)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864229/; classtype:trojan-activity;sid:84727329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864230)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864230/; classtype:trojan-activity;sid:84727330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864226)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.60.195.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864226/; classtype:trojan-activity;sid:84727326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.191.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864225/; classtype:trojan-activity;sid:84727325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864224)"; flow:established,from_client; content:"GET"; http_method; content:"/3b75f7ce-f34c-4188-ab80-d8c3acc89e83"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ahkyokta.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864224/; classtype:trojan-activity;sid:84727324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.246.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864223/; classtype:trojan-activity;sid:84727323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864222/; classtype:trojan-activity;sid:84727322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864221)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=761655fd-dbd9-4efc-8033-6a957c790e3e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8co4mfeh.qurandownload.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864221/; classtype:trojan-activity;sid:84727321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864220)"; flow:established,from_client; content:"GET"; http_method; content:"/9f3ee70d-e58a-4a1f-9a92-0287493ed062"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xeviozwk.hugugnasiri.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864220/; classtype:trojan-activity;sid:84727320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864219)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.3"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.3.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864219/; classtype:trojan-activity;sid:84727319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864217)"; flow:established,from_client; content:"GET"; http_method; content:"/areyouajew.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.236.3.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864217/; classtype:trojan-activity;sid:84727317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864218)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.2"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.3.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864218/; classtype:trojan-activity;sid:84727318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.205.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864216/; classtype:trojan-activity;sid:84727316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864215)"; flow:established,from_client; content:"GET"; http_method; content:"/8ae44564-acab-47bf-a54a-0f207913e7ac"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uhnuyfcr.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864215/; classtype:trojan-activity;sid:84727315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864214/; classtype:trojan-activity;sid:84727314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.186.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864213/; classtype:trojan-activity;sid:84727313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864212)"; flow:established,from_client; content:"GET"; http_method; content:"/c898c073-9e03-4ca3-a721-c4083f4a3753"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"igrbuyo.pokerkade.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864212/; classtype:trojan-activity;sid:84727312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864211)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6d861f61-8ec0-46a4-9305-e7027cc46536"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kl23rl6f.nahjolbalage.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864211/; classtype:trojan-activity;sid:84727311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864210)"; flow:established,from_client; content:"GET"; http_method; content:"/c3e57f49-0f75-4258-a0fd-e232eb134d2e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hfolz.bookdrive.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864210/; classtype:trojan-activity;sid:84727310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.7.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864209/; classtype:trojan-activity;sid:84727309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864208)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1766dc2c-1a7c-44a3-9769-9cfbc09b0a1f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"p60hpuvn.shartbandifootballkade.online"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864208/; classtype:trojan-activity;sid:84727308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.189.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864207/; classtype:trojan-activity;sid:84727307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864206)"; flow:established,from_client; content:"GET"; http_method; content:"/db068de5-b6f6-4178-abdf-bd3d1b9cbfcc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kzkzbbha.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864206/; classtype:trojan-activity;sid:84727306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864205/; classtype:trojan-activity;sid:84727305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864204/; classtype:trojan-activity;sid:84727304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864203/; classtype:trojan-activity;sid:84727303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864202)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/telnet"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864202/; classtype:trojan-activity;sid:84727302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.7.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864201/; classtype:trojan-activity;sid:84727301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.31.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864200/; classtype:trojan-activity;sid:84727300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864199)"; flow:established,from_client; content:"GET"; http_method; content:"/6d4c6d93-33b7-4a36-b3b9-99eeb9de1e28"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wdbcypih.hugugedari.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864199/; classtype:trojan-activity;sid:84727299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.109.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864198/; classtype:trojan-activity;sid:84727298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.31.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864197/; classtype:trojan-activity;sid:84727297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.93.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864196/; classtype:trojan-activity;sid:84727296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864195)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d3848191-cced-47d7-a7a8-53228ecbc2bd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"osggwts6.fubet24.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864195/; classtype:trojan-activity;sid:84727295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.16.171.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864194/; classtype:trojan-activity;sid:84727294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864193)"; flow:established,from_client; content:"GET"; http_method; content:"/f69a6d79-790d-4532-903a-12e90829c1c4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vhsqohyd.hugugdaryayi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864193/; classtype:trojan-activity;sid:84727293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.146.176.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864192/; classtype:trojan-activity;sid:84727292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.189.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864191/; classtype:trojan-activity;sid:84727291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.145.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864189/; classtype:trojan-activity;sid:84727289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.89.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864190/; classtype:trojan-activity;sid:84727290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864188)"; flow:established,from_client; content:"GET"; http_method; content:"/599f2bdb-0d1c-4eb8-a081-4ee5252e0d54"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yyrup.barnamenevisi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864188/; classtype:trojan-activity;sid:84727288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.237.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864187/; classtype:trojan-activity;sid:84727287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864186)"; flow:established,from_client; content:"GET"; http_method; content:"/b01530d0-469d-4dd6-a19b-c91f8ad45997"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jrmcsezq.hugugbime.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864186/; classtype:trojan-activity;sid:84727286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.67.45.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864185/; classtype:trojan-activity;sid:84727285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.229.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864184/; classtype:trojan-activity;sid:84727284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.157.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864183/; classtype:trojan-activity;sid:84727283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864182)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_73fea0a7b4e57bf6.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864182/; classtype:trojan-activity;sid:84727282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.67.45.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864181/; classtype:trojan-activity;sid:84727281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864180)"; flow:established,from_client; content:"GET"; http_method; content:"/5a45f861-3bfb-455f-9180-2b001d170a89"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nqsaymjr.betyek.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864180/; classtype:trojan-activity;sid:84727280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.181.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864179/; classtype:trojan-activity;sid:84727279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.237.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864176/; classtype:trojan-activity;sid:84727276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.123.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864177/; classtype:trojan-activity;sid:84727277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.165.18.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864178/; classtype:trojan-activity;sid:84727278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.165.18.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864175/; classtype:trojan-activity;sid:84727275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864174)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/css/colors/oceans/ebu.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"scoala1gherla.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864174/; classtype:trojan-activity;sid:84727274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864173)"; flow:established,from_client; content:"GET"; http_method; content:"/c5bc15e8-1ed5-44f8-b6dc-4057db224a1d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gbbzykw.melbetkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864173/; classtype:trojan-activity;sid:84727273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864172/; classtype:trojan-activity;sid:84727272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864171)"; flow:established,from_client; content:"GET"; http_method; content:"/cc9c1abd-5cb1-4afe-824a-c64a8192cae6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fswqsjdd.betxane.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864171/; classtype:trojan-activity;sid:84727271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.181.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864170/; classtype:trojan-activity;sid:84727270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864169)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=fb4849b8-5e48-48a1-a916-7156a36dc374"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1mp15ubu.shansline.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864169/; classtype:trojan-activity;sid:84727269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864168)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a6eecb05-6704-411c-9206-09fb272bccc2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9q2tk0oi.enfejarkade.online"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864168/; classtype:trojan-activity;sid:84727268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.250.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864167/; classtype:trojan-activity;sid:84727267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.164.227.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864166/; classtype:trojan-activity;sid:84727266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.42.11.67"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864165/; classtype:trojan-activity;sid:84727265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.223.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864164/; classtype:trojan-activity;sid:84727264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864163)"; flow:established,from_client; content:"GET"; http_method; content:"/98c304f8-64e8-433a-89bc-64a4e1056a33"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xetxx.bankefile.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864163/; classtype:trojan-activity;sid:84727263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.90.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864162/; classtype:trojan-activity;sid:84727262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.78.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864161/; classtype:trojan-activity;sid:84727261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.250.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864160/; classtype:trojan-activity;sid:84727260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864159)"; flow:established,from_client; content:"GET"; http_method; content:"/0512bed0-756b-4f03-b1a3-2ff544f92964"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cugeuvle.betwanna.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864159/; classtype:trojan-activity;sid:84727259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.168.97.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864158/; classtype:trojan-activity;sid:84727258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.158.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864157/; classtype:trojan-activity;sid:84727257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864156/; classtype:trojan-activity;sid:84727256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.164.227.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864155/; classtype:trojan-activity;sid:84727255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864154/; classtype:trojan-activity;sid:84727254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864153/; classtype:trojan-activity;sid:84727253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.23.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864152/; classtype:trojan-activity;sid:84727252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864151)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_10792eb44b14abee.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864151/; classtype:trojan-activity;sid:84727251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.23.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864150/; classtype:trojan-activity;sid:84727250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.208.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864149/; classtype:trojan-activity;sid:84727249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.168.97.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864148/; classtype:trojan-activity;sid:84727248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864147/; classtype:trojan-activity;sid:84727247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864146)"; flow:established,from_client; content:"GET"; http_method; content:"/7eeb5cbd-57d5-40df-812c-b65757c4841f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"urelelgc.betforwardkade.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864146/; classtype:trojan-activity;sid:84727246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.148.226.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864145/; classtype:trojan-activity;sid:84727245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864144)"; flow:established,from_client; content:"GET"; http_method; content:"/msi.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"portwesl.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864144/; classtype:trojan-activity;sid:84727244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864143)"; flow:established,from_client; content:"GET"; http_method; content:"/tyimg/16netmisp.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"r2.image-upload.app"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864143/; classtype:trojan-activity;sid:84727243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864142)"; flow:established,from_client; content:"GET"; http_method; content:"/25/seethebestpersonievermadewithmybestdays.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"107.172.172.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864142/; classtype:trojan-activity;sid:84727242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864141)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_cfca4668fb703b9d.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864141/; classtype:trojan-activity;sid:84727241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864140/; classtype:trojan-activity;sid:84727240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864139)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_ed27e62be8d4fe3d.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864139/; classtype:trojan-activity;sid:84727239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864138)"; flow:established,from_client; content:"GET"; http_method; content:"/wizard.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864138/; classtype:trojan-activity;sid:84727238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.214.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864137/; classtype:trojan-activity;sid:84727237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.29.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864136/; classtype:trojan-activity;sid:84727236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.226.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864135/; classtype:trojan-activity;sid:84727235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864134)"; flow:established,from_client; content:"GET"; http_method; content:"/44cd360e-aa92-4828-975f-c4ff2f54b527"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dyqanvdt.betfidokade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864134/; classtype:trojan-activity;sid:84727234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.38.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864133/; classtype:trojan-activity;sid:84727233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.62.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864132/; classtype:trojan-activity;sid:84727232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.247.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864131/; classtype:trojan-activity;sid:84727231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.151.118.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864130/; classtype:trojan-activity;sid:84727230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864129)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7586e2cc-cd8e-492f-9526-1d195bb92af2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0z0kmkwn.anodaz.tv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864129/; classtype:trojan-activity;sid:84727229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864128)"; flow:established,from_client; content:"GET"; http_method; content:"/fda6e6f9-4b20-4231-94ff-29a4c5f20a68"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qzkdr.bankefiile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864128/; classtype:trojan-activity;sid:84727228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864127)"; flow:established,from_client; content:"GET"; http_method; content:"/1131d69e-ed6d-4a6e-b35d-a151f70baa79"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bqxhfhog.bet313.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864127/; classtype:trojan-activity;sid:84727227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.62.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864126/; classtype:trojan-activity;sid:84727226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.155.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864125/; classtype:trojan-activity;sid:84727225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.214.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864124/; classtype:trojan-activity;sid:84727224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864123)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=26a4da2b-c75f-4002-9614-a250c42b3b0f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"phw2uk1e.casinokade.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864123/; classtype:trojan-activity;sid:84727223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.151.118.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864122/; classtype:trojan-activity;sid:84727222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864121)"; flow:established,from_client; content:"GET"; http_method; content:"/tron/file.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864121/; classtype:trojan-activity;sid:84727221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864120)"; flow:established,from_client; content:"GET"; http_method; content:"/83627138-9ec3-478a-b482-8b8cebd0bf36"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qoutbfpg.bet120x.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864120/; classtype:trojan-activity;sid:84727220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864119/; classtype:trojan-activity;sid:84727219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.232.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864118/; classtype:trojan-activity;sid:84727218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.227.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864117/; classtype:trojan-activity;sid:84727217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.232.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864116/; classtype:trojan-activity;sid:84727216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864114)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads12152152142356367346/caches/5_fulltext_reestr_tekushih_proektov_kompanii.ps1"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"104.253.79.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864114/; classtype:trojan-activity;sid:84727214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864115)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads12152152142356367346/caches/4_chek_list_dlya_provedeniya_vstrechi.ps1"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"104.253.79.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864115/; classtype:trojan-activity;sid:84727215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864113)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bb1ecc6e-97cd-4eb4-85a7-2c522cf1eb77"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7dqgr2or.shansbartar.bet"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864113/; classtype:trojan-activity;sid:84727213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864112)"; flow:established,from_client; content:"GET"; http_method; content:"/3d88b06c-578c-4a65-87a5-413e9442c2a1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qzxjphs.megaparikade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864112/; classtype:trojan-activity;sid:84727212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864111)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864111/; classtype:trojan-activity;sid:84727211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864084)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.ppc"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864084/; classtype:trojan-activity;sid:84727184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864085)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.mipsel"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864085/; classtype:trojan-activity;sid:84727185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864086)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864086/; classtype:trojan-activity;sid:84727186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864087)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864087/; classtype:trojan-activity;sid:84727187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864088)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864088/; classtype:trojan-activity;sid:84727188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864089)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864089/; classtype:trojan-activity;sid:84727189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864090)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864090/; classtype:trojan-activity;sid:84727190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864091)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864091/; classtype:trojan-activity;sid:84727191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864092)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864092/; classtype:trojan-activity;sid:84727192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864093)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.sh4"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864093/; classtype:trojan-activity;sid:84727193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864094)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.cats.sh"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864094/; classtype:trojan-activity;sid:84727194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864095)"; flow:established,from_client; content:"GET"; http_method; content:"/n3881.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864095/; classtype:trojan-activity;sid:84727195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864096)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864096/; classtype:trojan-activity;sid:84727196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864097)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864097/; classtype:trojan-activity;sid:84727197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864098)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864098/; classtype:trojan-activity;sid:84727198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864099)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.mips"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864099/; classtype:trojan-activity;sid:84727199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864100)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864100/; classtype:trojan-activity;sid:84727200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864101)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864101/; classtype:trojan-activity;sid:84727201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864102)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm6"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864102/; classtype:trojan-activity;sid:84727202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864103)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.spc"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864103/; classtype:trojan-activity;sid:84727203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864104)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm7"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864104/; classtype:trojan-activity;sid:84727204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864105)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864105/; classtype:trojan-activity;sid:84727205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864106)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.x86_64"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864106/; classtype:trojan-activity;sid:84727206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864107)"; flow:established,from_client; content:"GET"; http_method; content:"/.sassy.cloudflare.new/.sassy.cloudflare.new.arm5"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864107/; classtype:trojan-activity;sid:84727207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864108)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864108/; classtype:trojan-activity;sid:84727208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864109)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864109/; classtype:trojan-activity;sid:84727209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864083)"; flow:established,from_client; content:"GET"; http_method; content:"//r/nsec-fetch-dest"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"123.25.239.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864083/; classtype:trojan-activity;sid:84727183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864082)"; flow:established,from_client; content:"GET"; http_method; content:"//r/naccept-encoding"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"172.232.246.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864082/; classtype:trojan-activity;sid:84727182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864080)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin//r/naccept-encoding"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"159.89.171.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864080/; classtype:trojan-activity;sid:84727180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864081)"; flow:established,from_client; content:"GET"; http_method; content:"/mel.so"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.65.139.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864081/; classtype:trojan-activity;sid:84727181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864079)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6f6457737182b229.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864079/; classtype:trojan-activity;sid:84727179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864078)"; flow:established,from_client; content:"GET"; http_method; content:"/5f42337f33d83e98"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"verification-js-cdn.boats"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864078/; classtype:trojan-activity;sid:84727178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864075)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864075/; classtype:trojan-activity;sid:84727175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864076)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864076/; classtype:trojan-activity;sid:84727176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864077)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864077/; classtype:trojan-activity;sid:84727177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864060)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864060/; classtype:trojan-activity;sid:84727160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864061)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864061/; classtype:trojan-activity;sid:84727161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864062)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864062/; classtype:trojan-activity;sid:84727162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.80.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864063/; classtype:trojan-activity;sid:84727163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864064)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864064/; classtype:trojan-activity;sid:84727164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864065)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864065/; classtype:trojan-activity;sid:84727165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864066)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864066/; classtype:trojan-activity;sid:84727166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864067)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864067/; classtype:trojan-activity;sid:84727167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864068)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864068/; classtype:trojan-activity;sid:84727168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864069)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864069/; classtype:trojan-activity;sid:84727169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864070)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864070/; classtype:trojan-activity;sid:84727170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.103.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864071/; classtype:trojan-activity;sid:84727171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.39.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864072/; classtype:trojan-activity;sid:84727172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864073)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864073/; classtype:trojan-activity;sid:84727173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864074)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vbotnt1.duckdns.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864074/; classtype:trojan-activity;sid:84727174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864059)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.245.27.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864059/; classtype:trojan-activity;sid:84727159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864058)"; flow:established,from_client; content:"GET"; http_method; content:"/e.mpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.198.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864058/; classtype:trojan-activity;sid:84727158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864057)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"h23.dad"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864057/; classtype:trojan-activity;sid:84727157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864054)"; flow:established,from_client; content:"GET"; http_method; content:"/5ccc|3f|download_token=5744f723de13fe0c6bbe52a8ce58126e7beaa11079b78b7392410b4659220434"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"bedrive.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864054/; classtype:trojan-activity;sid:84727154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864055)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"universemap.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864055/; classtype:trojan-activity;sid:84727155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864056)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864056/; classtype:trojan-activity;sid:84727156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864050)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_27ef4778bdd07b51.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864050/; classtype:trojan-activity;sid:84727150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864051)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_6b36d2f073339db1.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864051/; classtype:trojan-activity;sid:84727151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864052)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_139eb4d35baf4b5a.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864052/; classtype:trojan-activity;sid:84727152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864053)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a5ba0a11805d3800.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864053/; classtype:trojan-activity;sid:84727153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864049)"; flow:established,from_client; content:"GET"; http_method; content:"/07536e96-e3f2-4dc8-85ca-79071b430014"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"boqetwvb.bcgamekade.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864049/; classtype:trojan-activity;sid:84727149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.42.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864048/; classtype:trojan-activity;sid:84727148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864047/; classtype:trojan-activity;sid:84727147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.4.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864046/; classtype:trojan-activity;sid:84727146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864045/; classtype:trojan-activity;sid:84727145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.189.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864044/; classtype:trojan-activity;sid:84727144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.235.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864043/; classtype:trojan-activity;sid:84727143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864042)"; flow:established,from_client; content:"GET"; http_method; content:"/ce4f454a-a4e0-45ed-9cd9-6aaa2385a350"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wabel.azmoonzare.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864042/; classtype:trojan-activity;sid:84727142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.76.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864041/; classtype:trojan-activity;sid:84727141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864040)"; flow:established,from_client; content:"GET"; http_method; content:"/95bb93c4-8e14-472f-b4b9-b89a28edf05c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kdqtqtbo.ace9bet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864040/; classtype:trojan-activity;sid:84727140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.235.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864039/; classtype:trojan-activity;sid:84727139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.76.32"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864038/; classtype:trojan-activity;sid:84727138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.42.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864037/; classtype:trojan-activity;sid:84727137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.154.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864036/; classtype:trojan-activity;sid:84727136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864035)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=405f85c6-a14b-4f83-a6d2-bd4b7a074fc8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"k57famtz.bordestan.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864035/; classtype:trojan-activity;sid:84727135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.117.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864034/; classtype:trojan-activity;sid:84727134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.79.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864033/; classtype:trojan-activity;sid:84727133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864031)"; flow:established,from_client; content:"GET"; http_method; content:"/79886325-b9b6-4008-bace-415d8715f8a8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mkspkafs.4030bet.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864031/; classtype:trojan-activity;sid:84727131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864032)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=92fb436b-571b-41cd-bf08-14d60bbd7e03"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qnuaqbez.anodaz.vip"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864032/; classtype:trojan-activity;sid:84727132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.222.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864030/; classtype:trojan-activity;sid:84727130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864029/; classtype:trojan-activity;sid:84727129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.154.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864028/; classtype:trojan-activity;sid:84727128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.77.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864027/; classtype:trojan-activity;sid:84727127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864026/; classtype:trojan-activity;sid:84727126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.72.10.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864025/; classtype:trojan-activity;sid:84727125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864024/; classtype:trojan-activity;sid:84727124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864023)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864023/; classtype:trojan-activity;sid:84727123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.240.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864022/; classtype:trojan-activity;sid:84727122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864021)"; flow:established,from_client; content:"GET"; http_method; content:"/5ed79298-d065-4531-9b14-3c09a4867ef8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hhghzngh.22betkade.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864021/; classtype:trojan-activity;sid:84727121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.72.10.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864020/; classtype:trojan-activity;sid:84727120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.173.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864019/; classtype:trojan-activity;sid:84727119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.240.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864018/; classtype:trojan-activity;sid:84727118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864017)"; flow:established,from_client; content:"GET"; http_method; content:"/0e4c2f28-a542-4770-a560-a8c6595ea38c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"iaqem.bankefiile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864017/; classtype:trojan-activity;sid:84727117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864016)"; flow:established,from_client; content:"GET"; http_method; content:"/1b545169-0fc9-4314-ba6e-dc8be8b4863c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xrekqgkh.1xyek.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864016/; classtype:trojan-activity;sid:84727116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.27.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864015/; classtype:trojan-activity;sid:84727115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.137.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864014/; classtype:trojan-activity;sid:84727114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.188.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864013/; classtype:trojan-activity;sid:84727113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.155.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864012/; classtype:trojan-activity;sid:84727112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864011)"; flow:established,from_client; content:"GET"; http_method; content:"/4f310431-5681-4852-bac5-208715cb0e0b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ymwntmdt.1xborokade.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864011/; classtype:trojan-activity;sid:84727111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864010)"; flow:established,from_client; content:"GET"; http_method; content:"/dd4bb780-a0a4-41a3-9e0e-38f4710627ee"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"toolcvu.livebetkade.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864010/; classtype:trojan-activity;sid:84727110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.184.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864009/; classtype:trojan-activity;sid:84727109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.219.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864008/; classtype:trojan-activity;sid:84727108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.188.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864007/; classtype:trojan-activity;sid:84727107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864006)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=374e94ca-5532-438c-ba99-382b1fca374b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"undb4pt3.questionstest.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864006/; classtype:trojan-activity;sid:84727106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.184.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864005/; classtype:trojan-activity;sid:84727105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864004)"; flow:established,from_client; content:"GET"; http_method; content:"/85469301-60a5-4473-92dc-ba2294619ae4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zthedtkr.1xbitkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864004/; classtype:trojan-activity;sid:84727104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.151.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864003/; classtype:trojan-activity;sid:84727103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.231.145.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864002/; classtype:trojan-activity;sid:84727102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.151.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864001/; classtype:trojan-activity;sid:84727101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3864000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.43.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3864000/; classtype:trojan-activity;sid:84727100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.246.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863999/; classtype:trojan-activity;sid:84727099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863998)"; flow:established,from_client; content:"GET"; http_method; content:"/220a1e0a-0e20-4915-9d41-5e83b72a69c8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"faogw.bankefile.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863998/; classtype:trojan-activity;sid:84727098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863997)"; flow:established,from_client; content:"GET"; http_method; content:"/20345217-d401-44d5-b9c0-33351cced50e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"owbzzpof.1xbetmag.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863997/; classtype:trojan-activity;sid:84727097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.130.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863996/; classtype:trojan-activity;sid:84727096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.222.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863995/; classtype:trojan-activity;sid:84727095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863994)"; flow:established,from_client; content:"GET"; http_method; content:"/90f93feb-b629-434a-b0cf-fbfce117a486"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ggifzobt.hugugmadani3.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863994/; classtype:trojan-activity;sid:84727094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.204.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863993/; classtype:trojan-activity;sid:84727093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.172.218.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863992/; classtype:trojan-activity;sid:84727092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863991/; classtype:trojan-activity;sid:84727091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863990)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0f258f17-8614-4e9f-8877-bd88c7b3aaf9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"d5qqrmyp.geotechnictahuni.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863990/; classtype:trojan-activity;sid:84727090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.103.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863989/; classtype:trojan-activity;sid:84727089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.57.7.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863988/; classtype:trojan-activity;sid:84727088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.92.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863987/; classtype:trojan-activity;sid:84727087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.57.7.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863986/; classtype:trojan-activity;sid:84727086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.165.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863985/; classtype:trojan-activity;sid:84727085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.237.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863984/; classtype:trojan-activity;sid:84727084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.184.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863983/; classtype:trojan-activity;sid:84727083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863982)"; flow:established,from_client; content:"GET"; http_method; content:"/935a804d-0cb6-4e50-a582-0902469639f3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dtbgl.bookdrive.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863982/; classtype:trojan-activity;sid:84727082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.183.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863981/; classtype:trojan-activity;sid:84727081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.58.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863980/; classtype:trojan-activity;sid:84727080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863979)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0581224a-d3da-4a12-9ddb-7cbc5d305f02"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sh6rkpx6.shartmag.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863979/; classtype:trojan-activity;sid:84727079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.183.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863978/; classtype:trojan-activity;sid:84727078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.84.71.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863977/; classtype:trojan-activity;sid:84727077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.58.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863976/; classtype:trojan-activity;sid:84727076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863975)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0d026720-3dfe-46d0-a19a-d961b817eddd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"86h7e2zq.anodaz.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863975/; classtype:trojan-activity;sid:84727075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.237.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863974/; classtype:trojan-activity;sid:84727074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.127.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863973/; classtype:trojan-activity;sid:84727073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.86.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863972/; classtype:trojan-activity;sid:84727072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.172.218.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863971/; classtype:trojan-activity;sid:84727071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.209.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863970/; classtype:trojan-activity;sid:84727070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.84.71.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863969/; classtype:trojan-activity;sid:84727069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863968)"; flow:established,from_client; content:"GET"; http_method; content:"/99a6edcb-34fc-4896-8d95-d22aca759009"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"alrwomdp.restaurantguideaarhus.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863968/; classtype:trojan-activity;sid:84727068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863967/; classtype:trojan-activity;sid:84727067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.184.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863966/; classtype:trojan-activity;sid:84727066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.209.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863965/; classtype:trojan-activity;sid:84727065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863964)"; flow:established,from_client; content:"GET"; http_method; content:"/private/python3.6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"5.78.73.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863964/; classtype:trojan-activity;sid:84727064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.30.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863963/; classtype:trojan-activity;sid:84727063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863962)"; flow:established,from_client; content:"GET"; http_method; content:"/private/bins.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.78.73.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863962/; classtype:trojan-activity;sid:84727062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863961)"; flow:established,from_client; content:"GET"; http_method; content:"/private/bins_py.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"5.78.73.122"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863961/; classtype:trojan-activity;sid:84727061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.242.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863960/; classtype:trojan-activity;sid:84727060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863959)"; flow:established,from_client; content:"GET"; http_method; content:"/5a74a7d1-c502-4a6b-8ede-e4f5d425911b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"obmhxqg.rocketbet.pro"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863959/; classtype:trojan-activity;sid:84727059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863958/; classtype:trojan-activity;sid:84727058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863957)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5be58697-7947-4dd3-9734-7ad75f0b94c4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ggcjxgov.fununetadris.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863957/; classtype:trojan-activity;sid:84727057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.2.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863956/; classtype:trojan-activity;sid:84727056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863955/; classtype:trojan-activity;sid:84727055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863954)"; flow:established,from_client; content:"GET"; http_method; content:"/94f31742-680b-42ce-96a4-db1816a6831d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gsdzofat.winxbet.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863954/; classtype:trojan-activity;sid:84727054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.160.197.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863953/; classtype:trojan-activity;sid:84727053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863952)"; flow:established,from_client; content:"GET"; http_method; content:"/3e30aae3-fcc4-467f-a775-2cc6985afcb1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"krigo.ecologyardakani.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863952/; classtype:trojan-activity;sid:84727052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.242.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863951/; classtype:trojan-activity;sid:84727051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.113.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863950/; classtype:trojan-activity;sid:84727050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863949)"; flow:established,from_client; content:"GET"; http_method; content:"/2f70c90c-c606-4b15-a1ad-b785962630ed"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"aoeoelfz.hugugbime.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863949/; classtype:trojan-activity;sid:84727049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863948)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c9fc0f04-c58a-4c06-af49-0cb4186ca166"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ew8mvpi7.shartbandikade.online"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863948/; classtype:trojan-activity;sid:84727048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.113.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863947/; classtype:trojan-activity;sid:84727047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.68.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863946/; classtype:trojan-activity;sid:84727046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863945)"; flow:established,from_client; content:"GET"; http_method; content:"/3bda8235-2912-4c46-933b-7b088c932149"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jyvartai.hugugdaryayi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863945/; classtype:trojan-activity;sid:84727045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.81.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863944/; classtype:trojan-activity;sid:84727044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.115.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863943/; classtype:trojan-activity;sid:84727043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863942)"; flow:established,from_client; content:"GET"; http_method; content:"/ic3iseeyoujewishpigeons.sh"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863942/; classtype:trojan-activity;sid:84727042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.150.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863941/; classtype:trojan-activity;sid:84727041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.249.193.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863939/; classtype:trojan-activity;sid:84727039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863940/; classtype:trojan-activity;sid:84727040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863938)"; flow:established,from_client; content:"GET"; http_method; content:"/cb659031-a24c-4ca9-9059-f15251b727de"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cjfwh.drivingbook.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863938/; classtype:trojan-activity;sid:84727038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.68.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863937/; classtype:trojan-activity;sid:84727037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863936)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b76e67c7-855c-48ac-b260-0c113467620e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dkcxfqn2.gavaedfagahe.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863936/; classtype:trojan-activity;sid:84727036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.10.132.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863935/; classtype:trojan-activity;sid:84727035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863934)"; flow:established,from_client; content:"GET"; http_method; content:"/1d5e34d7-ad58-4df4-8c4d-1a8794cb0668"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"psmecdlr.hugugedari.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863934/; classtype:trojan-activity;sid:84727034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.159.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863933/; classtype:trojan-activity;sid:84727033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.249.193.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863932/; classtype:trojan-activity;sid:84727032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.36.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863931/; classtype:trojan-activity;sid:84727031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.27.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863930/; classtype:trojan-activity;sid:84727030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.36.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863929/; classtype:trojan-activity;sid:84727029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.145.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863928/; classtype:trojan-activity;sid:84727028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863927)"; flow:established,from_client; content:"GET"; http_method; content:"/df880418-2c8e-4016-bf40-08d69ea5f890"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dngzhceb.hugugmadani3.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863927/; classtype:trojan-activity;sid:84727027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863926)"; flow:established,from_client; content:"GET"; http_method; content:"/e4bc025b-e2c5-4321-9359-e6ba727d7cb7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mhhalmi.pokerkade.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863926/; classtype:trojan-activity;sid:84727026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.27.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863925/; classtype:trojan-activity;sid:84727025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.2.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863924/; classtype:trojan-activity;sid:84727024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863923)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863923/; classtype:trojan-activity;sid:84727023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863922)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.12"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863922/; classtype:trojan-activity;sid:84727022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863910)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.3"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863910/; classtype:trojan-activity;sid:84727010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863911)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863911/; classtype:trojan-activity;sid:84727011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863912)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.13"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863912/; classtype:trojan-activity;sid:84727012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863913)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.2"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863913/; classtype:trojan-activity;sid:84727013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863914)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.9"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863914/; classtype:trojan-activity;sid:84727014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863915)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.10"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863915/; classtype:trojan-activity;sid:84727015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863916)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.8"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863916/; classtype:trojan-activity;sid:84727016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863917)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863917/; classtype:trojan-activity;sid:84727017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863918)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.11"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863918/; classtype:trojan-activity;sid:84727018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863919)"; flow:established,from_client; content:"GET"; http_method; content:"/areyouajew.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863919/; classtype:trojan-activity;sid:84727019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863920)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863920/; classtype:trojan-activity;sid:84727020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863921)"; flow:established,from_client; content:"GET"; http_method; content:"/godisdead.6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.4.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863921/; classtype:trojan-activity;sid:84727021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863909/; classtype:trojan-activity;sid:84727009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863908)"; flow:established,from_client; content:"GET"; http_method; content:"/43675522-e346-41dd-a059-72da97631052"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nwklhlmm.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863908/; classtype:trojan-activity;sid:84727008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863907)"; flow:established,from_client; content:"GET"; http_method; content:"/4245e366-8a5a-4fda-96ad-c495fee597a8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ezrzb.downloadquran.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863907/; classtype:trojan-activity;sid:84727007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863906/; classtype:trojan-activity;sid:84727006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.219.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863905/; classtype:trojan-activity;sid:84727005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.193.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863904/; classtype:trojan-activity;sid:84727004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.37.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863903/; classtype:trojan-activity;sid:84727003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863902/; classtype:trojan-activity;sid:84727002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863901)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0903d582-cca8-4b4e-91ad-d09b88706561"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2igj4kg6.shartbandifootballkade.online"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863901/; classtype:trojan-activity;sid:84727001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.89.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863900/; classtype:trojan-activity;sid:84727000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863899)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=16d95c5e-0be9-49f4-8a92-3268ffc2686f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9fmgmj87.garatequran.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863899/; classtype:trojan-activity;sid:84726999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863898)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4d9ae84a-905f-418c-baa2-4e050ff69ce2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wgtpfakz.akhlagvaahkam.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863898/; classtype:trojan-activity;sid:84726998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.37.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863897/; classtype:trojan-activity;sid:84726997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863896)"; flow:established,from_client; content:"GET"; http_method; content:"/790b17d6-da34-4360-8e08-798766b701d4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xmxmplzc.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863896/; classtype:trojan-activity;sid:84726996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.36.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863895/; classtype:trojan-activity;sid:84726995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.89.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863894/; classtype:trojan-activity;sid:84726994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.161.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863893/; classtype:trojan-activity;sid:84726993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.110.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863892/; classtype:trojan-activity;sid:84726992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.252.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863891/; classtype:trojan-activity;sid:84726991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863889/; classtype:trojan-activity;sid:84726989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.13.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863890/; classtype:trojan-activity;sid:84726990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.110.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863888/; classtype:trojan-activity;sid:84726988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.106.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863887/; classtype:trojan-activity;sid:84726987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.106.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863886/; classtype:trojan-activity;sid:84726986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.36.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863885/; classtype:trojan-activity;sid:84726985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863884)"; flow:established,from_client; content:"GET"; http_method; content:"/4f133f44-f638-4ae9-83aa-4f06f185ba9b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qjgjbwpw.hugugnasiri.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863884/; classtype:trojan-activity;sid:84726984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.90.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863883/; classtype:trojan-activity;sid:84726983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.252.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863882/; classtype:trojan-activity;sid:84726982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.125.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863881/; classtype:trojan-activity;sid:84726981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.229.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863880/; classtype:trojan-activity;sid:84726980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863879)"; flow:established,from_client; content:"GET"; http_method; content:"/468e3159-5088-4ee5-b05a-cc7de4e0e1bf"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdvmgdw.melbetkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863879/; classtype:trojan-activity;sid:84726979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863878)"; flow:established,from_client; content:"GET"; http_method; content:"/a3c2de44-ba26-4ff8-ba84-0d5b9bca7a4a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dpphq.differentialmamuli.store"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863878/; classtype:trojan-activity;sid:84726978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.204.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863877/; classtype:trojan-activity;sid:84726977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863876/; classtype:trojan-activity;sid:84726976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.248.157.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863875/; classtype:trojan-activity;sid:84726975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863874)"; flow:established,from_client; content:"GET"; http_method; content:"/f24f6b9b-640c-44f9-9a26-05743b8f3119"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wutgubeq.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863874/; classtype:trojan-activity;sid:84726974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.189.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863873/; classtype:trojan-activity;sid:84726973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.248.157.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863872/; classtype:trojan-activity;sid:84726972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.31.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863871/; classtype:trojan-activity;sid:84726971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863870)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8c46a6d7-e205-4036-b9aa-d31c4d60e3ba"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ttr6z4z6.moarefeslami.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863870/; classtype:trojan-activity;sid:84726970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.198.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863869/; classtype:trojan-activity;sid:84726969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.8.118.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863868/; classtype:trojan-activity;sid:84726968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.86.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863867/; classtype:trojan-activity;sid:84726967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863866)"; flow:established,from_client; content:"GET"; http_method; content:"/9eb5aec8-8438-4acd-9cf2-b612af760d3e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fmhkmjyi.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863866/; classtype:trojan-activity;sid:84726966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.230.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863865/; classtype:trojan-activity;sid:84726965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.5.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863864/; classtype:trojan-activity;sid:84726964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863863/; classtype:trojan-activity;sid:84726963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.31.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863862/; classtype:trojan-activity;sid:84726962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.5.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863861/; classtype:trojan-activity;sid:84726961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863859)"; flow:established,from_client; content:"GET"; http_method; content:"/32215893-67aa-4426-8368-31ccf3b184f7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"edtmogyp.red90.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863859/; classtype:trojan-activity;sid:84726959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863860)"; flow:established,from_client; content:"GET"; http_method; content:"/d46e84ed-ed85-4d8f-8c00-e46f976531bb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tkzvl.nagshekeshi.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863860/; classtype:trojan-activity;sid:84726960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863858)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1633a656-a511-40cc-8510-7db2d3287e63"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"5w4mouaz.shansline.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863858/; classtype:trojan-activity;sid:84726958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863857/; classtype:trojan-activity;sid:84726957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.230.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863856/; classtype:trojan-activity;sid:84726956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863855/; classtype:trojan-activity;sid:84726955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.7.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863854/; classtype:trojan-activity;sid:84726954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.10.132.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863853/; classtype:trojan-activity;sid:84726953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.22.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863852/; classtype:trojan-activity;sid:84726952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863851)"; flow:established,from_client; content:"GET"; http_method; content:"/01081363-29bc-4b0d-9ac7-9c5b3e4c7b66"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cowhdabq.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863851/; classtype:trojan-activity;sid:84726951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.79.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_13; reference:url, urlhaus.abuse.ch/url/3863850/; classtype:trojan-activity;sid:84726950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.103.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863849/; classtype:trojan-activity;sid:84726949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863848)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=826a75e3-4abf-4811-a120-472468541a97"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"x6veozdp.ganuneasasi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863848/; classtype:trojan-activity;sid:84726948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.245.6.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863847/; classtype:trojan-activity;sid:84726947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863846)"; flow:established,from_client; content:"GET"; http_method; content:"/17e58e67-f61d-446c-ac65-355bdf440116"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sjgnfsm.megaparikade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863846/; classtype:trojan-activity;sid:84726946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863845)"; flow:established,from_client; content:"GET"; http_method; content:"/a274e982-7057-438c-8c3a-c0984f407f4c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hkhyaprc.betyek.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863845/; classtype:trojan-activity;sid:84726945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.245.6.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863844/; classtype:trojan-activity;sid:84726944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.205.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863843/; classtype:trojan-activity;sid:84726943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.130.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863842/; classtype:trojan-activity;sid:84726942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863841)"; flow:established,from_client; content:"GET"; http_method; content:"/901081a1-f2d6-4ae8-9cb8-58f09a215ad8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rpndf.mustatabashpazi.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863841/; classtype:trojan-activity;sid:84726941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.42.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863840/; classtype:trojan-activity;sid:84726940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863839)"; flow:established,from_client; content:"GET"; http_method; content:"/2a529807-a2af-4d7f-8cfd-201bb73ee73d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"geirvzju.betxane.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863839/; classtype:trojan-activity;sid:84726939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863838)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=97ee8911-4035-4d21-b429-d051f400c6fd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"u4b0eg10.akhlagkarbordi.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863838/; classtype:trojan-activity;sid:84726938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.42.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863837/; classtype:trojan-activity;sid:84726937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863836/; classtype:trojan-activity;sid:84726936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.221.254.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863834/; classtype:trojan-activity;sid:84726934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863835/; classtype:trojan-activity;sid:84726935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.229.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863833/; classtype:trojan-activity;sid:84726933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863832)"; flow:established,from_client; content:"GET"; http_method; content:"/de4fcd83-c1fd-463c-ada8-43d690e95047"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xipuryqj.betwanna.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863832/; classtype:trojan-activity;sid:84726932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863831/; classtype:trojan-activity;sid:84726931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863830/; classtype:trojan-activity;sid:84726930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.200.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863828/; classtype:trojan-activity;sid:84726928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.53.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863829/; classtype:trojan-activity;sid:84726929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863827)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=81193bbf-17a7-4199-bdfd-7d66a9ca105b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ukpoojmk.shansbartar.bet"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863827/; classtype:trojan-activity;sid:84726927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.53.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863826/; classtype:trojan-activity;sid:84726926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863825)"; flow:established,from_client; content:"GET"; http_method; content:"/f2c030ca-a427-46e1-aff4-47cf37c27df9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wumyhfj.livebetkade.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863825/; classtype:trojan-activity;sid:84726925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863824)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=afe56ead-49bb-4363-bf54-a24800be8320"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9w0va69z.shansbartar.bet"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863824/; classtype:trojan-activity;sid:84726924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.221.254.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863823/; classtype:trojan-activity;sid:84726923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.200.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863822/; classtype:trojan-activity;sid:84726922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863821)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=67e1e0e1-f66f-444a-a206-21f0d13d6906"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1fqobn4w.hattrickbetkade.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863821/; classtype:trojan-activity;sid:84726921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.67.33.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863820/; classtype:trojan-activity;sid:84726920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.114.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863819/; classtype:trojan-activity;sid:84726919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863818)"; flow:established,from_client; content:"GET"; http_method; content:"/c6bac874-d125-4803-8d94-4ff40719661f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raqmk.mururhesabdari.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863818/; classtype:trojan-activity;sid:84726918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863817)"; flow:established,from_client; content:"GET"; http_method; content:"/7a31854b-2960-46cd-a8ff-3d9c4e9c3922"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hqqacfwe.betforwardkade.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863817/; classtype:trojan-activity;sid:84726917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863816/; classtype:trojan-activity;sid:84726916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.229.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863815/; classtype:trojan-activity;sid:84726915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863814)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=baf5d98c-f8d0-4fb7-b350-b32330c3af71"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"k96h8q0b.fubet24.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863814/; classtype:trojan-activity;sid:84726914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.114.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863813/; classtype:trojan-activity;sid:84726913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.233.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863812/; classtype:trojan-activity;sid:84726912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.64.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863811/; classtype:trojan-activity;sid:84726911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863810/; classtype:trojan-activity;sid:84726910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863809)"; flow:established,from_client; content:"GET"; http_method; content:"/f6ad6156-9e6b-4107-875a-d77ae80b13bf"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yzqzbtkr.betfidokade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863809/; classtype:trojan-activity;sid:84726909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863808/; classtype:trojan-activity;sid:84726908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.64.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863807/; classtype:trojan-activity;sid:84726907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863806/; classtype:trojan-activity;sid:84726906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.79.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863805/; classtype:trojan-activity;sid:84726905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.27.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863804/; classtype:trojan-activity;sid:84726904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.246.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863803/; classtype:trojan-activity;sid:84726903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863802)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4e744f4c-cf9f-4294-a519-bcfde531e11a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"hopmx6jx.enfejarkade.online"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863802/; classtype:trojan-activity;sid:84726902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863801)"; flow:established,from_client; content:"GET"; http_method; content:"/a043036d-90bc-4ad7-85ed-b9e416eb0c34"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dxxxyoqr.bet313.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863801/; classtype:trojan-activity;sid:84726901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863800/; classtype:trojan-activity;sid:84726900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863799)"; flow:established,from_client; content:"GET"; http_method; content:"/1098e15d-3b67-4383-a488-091e1bf8ab38"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ukfxv.motuntakhasosi.store"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863799/; classtype:trojan-activity;sid:84726899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.225.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863798/; classtype:trojan-activity;sid:84726898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.16.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863797/; classtype:trojan-activity;sid:84726897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863796/; classtype:trojan-activity;sid:84726896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863795)"; flow:established,from_client; content:"GET"; http_method; content:"/bd90f46b-8f17-474d-af62-e35cc1570076"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"llfarlit.bet120x.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863795/; classtype:trojan-activity;sid:84726895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.134.28.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863794/; classtype:trojan-activity;sid:84726894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.16.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863793/; classtype:trojan-activity;sid:84726893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.232.225.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863792/; classtype:trojan-activity;sid:84726892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863791)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclearbomb.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863791/; classtype:trojan-activity;sid:84726891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863790)"; flow:established,from_client; content:"GET"; http_method; content:"/sprd2.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863790/; classtype:trojan-activity;sid:84726890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863789)"; flow:established,from_client; content:"GET"; http_method; content:"/0298dea3-f658-4b0b-94af-882ca799cd26"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vidsloii.bcgamekade.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863789/; classtype:trojan-activity;sid:84726889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.79.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863788/; classtype:trojan-activity;sid:84726888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.202.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863787/; classtype:trojan-activity;sid:84726887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.79.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863786/; classtype:trojan-activity;sid:84726886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.185.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863785/; classtype:trojan-activity;sid:84726885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863784)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c780b678-4742-4be3-8c2e-221f98945a0a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"g1zevlqh.casinokade.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863784/; classtype:trojan-activity;sid:84726884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863783)"; flow:established,from_client; content:"GET"; http_method; content:"/7b67ccc7-c03e-4ada-bf00-56c60f3f46e3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"whitfkos.ace9bet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863783/; classtype:trojan-activity;sid:84726883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.185.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863781/; classtype:trojan-activity;sid:84726881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.227.251.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863782/; classtype:trojan-activity;sid:84726882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863780)"; flow:established,from_client; content:"GET"; http_method; content:"/29c283b3-28d8-4406-a383-8e0ad5565830"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oywlk.motorbook.xyz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863780/; classtype:trojan-activity;sid:84726880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.223.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863779/; classtype:trojan-activity;sid:84726879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863778)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=18951263-3db3-4678-8840-193281461614"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"b383rztk.bordestan.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863778/; classtype:trojan-activity;sid:84726878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.82.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863777/; classtype:trojan-activity;sid:84726877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.82.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863776/; classtype:trojan-activity;sid:84726876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.202.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863775/; classtype:trojan-activity;sid:84726875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863774)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1b1dd147-3e23-4049-b3f2-8e651760df72"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dtphi824.akhbarsport.info"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863774/; classtype:trojan-activity;sid:84726874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.114.32.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863773/; classtype:trojan-activity;sid:84726873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.252.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863772/; classtype:trojan-activity;sid:84726872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.76.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863771/; classtype:trojan-activity;sid:84726871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863770)"; flow:established,from_client; content:"GET"; http_method; content:"/efb36945-6042-4c41-89b3-024021ac017a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rngvl.bilyardkade.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863770/; classtype:trojan-activity;sid:84726870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.241.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863769/; classtype:trojan-activity;sid:84726869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863768)"; flow:established,from_client; content:"GET"; http_method; content:"/d6907b3e-3be2-40c6-a525-1245d05ece98"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"burreepr.ace90betkade.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863768/; classtype:trojan-activity;sid:84726868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863767)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp1.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863767/; classtype:trojan-activity;sid:84726867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863766)"; flow:established,from_client; content:"GET"; http_method; content:"/sex.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.20.185.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863766/; classtype:trojan-activity;sid:84726866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.241.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863765/; classtype:trojan-activity;sid:84726865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.183.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863764/; classtype:trojan-activity;sid:84726864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.85.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863763/; classtype:trojan-activity;sid:84726863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863762)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c60ff44a-cc27-4097-b1d4-b6db11142541"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"euerx2bw.linebetkade.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863762/; classtype:trojan-activity;sid:84726862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.125.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863761/; classtype:trojan-activity;sid:84726861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.165.167.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863760/; classtype:trojan-activity;sid:84726860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863759)"; flow:established,from_client; content:"GET"; http_method; content:"/135c5f82-18a4-46e5-ad5d-3439132e24f9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wnwrwqfz.4030bet.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863759/; classtype:trojan-activity;sid:84726859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863758)"; flow:established,from_client; content:"GET"; http_method; content:"/57b80f71-793d-4f39-b813-3b7358fd697d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nylmc.hotbetkade.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863758/; classtype:trojan-activity;sid:84726858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863757/; classtype:trojan-activity;sid:84726857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.155.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863756/; classtype:trojan-activity;sid:84726856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863755)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_x64.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863755/; classtype:trojan-activity;sid:84726855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863754)"; flow:established,from_client; content:"GET"; http_method; content:"/62b70cd7-91c9-4cf3-8a64-6387ff78e97a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kfwne.moshavereravan.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863754/; classtype:trojan-activity;sid:84726854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.150.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863753/; classtype:trojan-activity;sid:84726853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.165.167.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863752/; classtype:trojan-activity;sid:84726852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863751)"; flow:established,from_client; content:"GET"; http_method; content:"/72127d19-2205-4c40-b4be-45259ef03cd2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tngbqcwl.22betkade.online"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863751/; classtype:trojan-activity;sid:84726851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.186.230.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863750/; classtype:trojan-activity;sid:84726850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863749)"; flow:established,from_client; content:"GET"; http_method; content:"/1788c3a8-4ad3-4ca9-b8c1-ebe8388185d2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gzcgy.hiwino.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863749/; classtype:trojan-activity;sid:84726849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.61.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863748/; classtype:trojan-activity;sid:84726848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863747)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b92525972d65ba7f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863747/; classtype:trojan-activity;sid:84726847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863746)"; flow:established,from_client; content:"GET"; http_method; content:"/mips2"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863746/; classtype:trojan-activity;sid:84726846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863745)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_34a9e7e80dbe267c.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863745/; classtype:trojan-activity;sid:84726845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863744)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=40c01a42-5bcf-48a3-9aa0-69f4b0a97470"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cxdba2b3.zabanmemari.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863744/; classtype:trojan-activity;sid:84726844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.7.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863743/; classtype:trojan-activity;sid:84726843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863742/; classtype:trojan-activity;sid:84726842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863741/; classtype:trojan-activity;sid:84726841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.24.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863740/; classtype:trojan-activity;sid:84726840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863739)"; flow:established,from_client; content:"GET"; http_method; content:"/c9976b75-3c80-4727-be15-1bc028470169"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"htftvttj.1xyek.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863739/; classtype:trojan-activity;sid:84726839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.148.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863738/; classtype:trojan-activity;sid:84726838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863737/; classtype:trojan-activity;sid:84726837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.182.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863736/; classtype:trojan-activity;sid:84726836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863735)"; flow:established,from_client; content:"GET"; http_method; content:"/0bf3816c-4185-4fc4-bed7-1034fe957ad5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"twhjk.hazaratkade.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863735/; classtype:trojan-activity;sid:84726835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.24.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863734/; classtype:trojan-activity;sid:84726834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863733)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1090d905-000b-48dc-9070-2aa14e39cc7d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ncom2n7n.jetbetkade.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863733/; classtype:trojan-activity;sid:84726833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863732/; classtype:trojan-activity;sid:84726832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.17.16.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863731/; classtype:trojan-activity;sid:84726831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863730)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c964c57c-c1b2-4efa-a6fd-2817b7f5e3d5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bv2rvqh6.zabanhaggani.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863730/; classtype:trojan-activity;sid:84726830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863729)"; flow:established,from_client; content:"GET"; http_method; content:"/497eebb3-18c4-4192-8bb4-7724f6fb0085"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hodomoxq.1xborokade.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863729/; classtype:trojan-activity;sid:84726829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863728)"; flow:established,from_client; content:"GET"; http_method; content:"/344932c8-b0ba-489e-a9b2-76a4bcf0be19"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ygfnk.darsnamejame.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863728/; classtype:trojan-activity;sid:84726828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.182.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863727/; classtype:trojan-activity;sid:84726827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.98.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863726/; classtype:trojan-activity;sid:84726826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.94.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863725/; classtype:trojan-activity;sid:84726825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863724)"; flow:established,from_client; content:"GET"; http_method; content:"/aee5e6bd-31fb-4721-ad36-baf0aa2ee5bb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"emqlb.tahlilsazeha.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863724/; classtype:trojan-activity;sid:84726824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863723)"; flow:established,from_client; content:"GET"; http_method; content:"/1e9c3e49-69df-446c-9b8a-374b1ec34d65"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zjfxfoev.1xbitkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863723/; classtype:trojan-activity;sid:84726823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.120.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863722/; classtype:trojan-activity;sid:84726822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.38.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863721/; classtype:trojan-activity;sid:84726821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863720)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_dae96b431f16be7b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863720/; classtype:trojan-activity;sid:84726820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.38.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863718/; classtype:trojan-activity;sid:84726818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.94.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863719/; classtype:trojan-activity;sid:84726819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.105.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863717/; classtype:trojan-activity;sid:84726817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863716)"; flow:established,from_client; content:"GET"; http_method; content:"/477d98c2-f89e-4c84-85d4-1662df131e9c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ljist.sanjeshvaandazegiri.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863716/; classtype:trojan-activity;sid:84726816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.105.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863715/; classtype:trojan-activity;sid:84726815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863714)"; flow:established,from_client; content:"GET"; http_method; content:"/daa792e7-022c-4055-aff8-75e28ca72870"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vspdk.tahgigbazargan.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863714/; classtype:trojan-activity;sid:84726814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863713)"; flow:established,from_client; content:"GET"; http_method; content:"/4265d36b-030b-4287-b754-ffb8ea50aee1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rizvw.sanjeshravani.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863713/; classtype:trojan-activity;sid:84726813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863712)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6de4dbf6-1ef5-4812-9167-b27f590b467e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"g29aiuih.zabanenglishanari.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863712/; classtype:trojan-activity;sid:84726812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863711)"; flow:established,from_client; content:"GET"; http_method; content:"/89e4471d-de61-4dba-83fb-0fdd5dcf8177"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jsyao.tafsirquran.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863711/; classtype:trojan-activity;sid:84726811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863710)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ac47d52b-ba87-40bf-be40-9eee7bba1b9f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"yc282mnt.hesabdarinoravesh.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863710/; classtype:trojan-activity;sid:84726810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863709)"; flow:established,from_client; content:"GET"; http_method; content:"/9f1c8383-fe7a-4a3d-9f7c-fd722b7999fc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"obxan.daneshkhanevade.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863709/; classtype:trojan-activity;sid:84726809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.191.125.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863708/; classtype:trojan-activity;sid:84726808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.70.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863707/; classtype:trojan-activity;sid:84726807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863706)"; flow:established,from_client; content:"GET"; http_method; content:"/244fa440-f3b8-4d3d-b17a-70a3df08ea9a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"eejgo.sakhtemandade.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863706/; classtype:trojan-activity;sid:84726806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.182.119.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863705/; classtype:trojan-activity;sid:84726805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.191.125.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863704/; classtype:trojan-activity;sid:84726804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863703)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ba88e0ae-8bb3-4f8e-843c-2be73168c634"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ydcgvobr.tarbiatbadani.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863703/; classtype:trojan-activity;sid:84726803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.221.253.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863702/; classtype:trojan-activity;sid:84726802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.44.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863701/; classtype:trojan-activity;sid:84726801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.234.118.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863700/; classtype:trojan-activity;sid:84726800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.117.6.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863699/; classtype:trojan-activity;sid:84726799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.184.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863698/; classtype:trojan-activity;sid:84726798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863697/; classtype:trojan-activity;sid:84726797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863696)"; flow:established,from_client; content:"GET"; http_method; content:"/65244cb7-a737-45e5-8bf6-344f906a677d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fuwtp.tafsirnasiri.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863696/; classtype:trojan-activity;sid:84726796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.218.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863695/; classtype:trojan-activity;sid:84726795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.44.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863694/; classtype:trojan-activity;sid:84726794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863693)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d2711b5e-9e6b-4231-826f-87a289cb830d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"uss6wss6.hesabdarieskandari.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863693/; classtype:trojan-activity;sid:84726793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863692)"; flow:established,from_client; content:"GET"; http_method; content:"/4304338c-60f7-48c9-9780-9e54c7c27657"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qsbsd.sadreislam.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863692/; classtype:trojan-activity;sid:84726792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.184.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863691/; classtype:trojan-activity;sid:84726791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.234.118.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863690/; classtype:trojan-activity;sid:84726790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.221.253.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863689/; classtype:trojan-activity;sid:84726789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863688/; classtype:trojan-activity;sid:84726788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.218.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863687/; classtype:trojan-activity;sid:84726787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863686/; classtype:trojan-activity;sid:84726786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.170.136.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863685/; classtype:trojan-activity;sid:84726785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.210.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863684/; classtype:trojan-activity;sid:84726784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863683)"; flow:established,from_client; content:"GET"; http_method; content:"/b6e5f7fe-ac21-4fef-b7ed-e8ea43269d4c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"addeg.quranmohagegin.shop"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863683/; classtype:trojan-activity;sid:84726783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.131.92.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863682/; classtype:trojan-activity;sid:84726782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.148.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863681/; classtype:trojan-activity;sid:84726781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863680)"; flow:established,from_client; content:"GET"; http_method; content:"/194ac1e6-854f-48c7-af0d-63f494d950f1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"umnbp.usoleamoozesh.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863680/; classtype:trojan-activity;sid:84726780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863679)"; flow:established,from_client; content:"GET"; http_method; content:"/f783afd5-b12c-47a9-8b56-afda3b57e382"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cswwy.tractor11.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863679/; classtype:trojan-activity;sid:84726779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863678)"; flow:established,from_client; content:"GET"; http_method; content:"/lonergigs-code/docusign/releases/download/v1.9.1/docusignsetup.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863678/; classtype:trojan-activity;sid:84726778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.68.168.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863677/; classtype:trojan-activity;sid:84726777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.1.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863676/; classtype:trojan-activity;sid:84726776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863675)"; flow:established,from_client; content:"GET"; http_method; content:"/6b62de9f-b31c-44cd-b520-8560ad73ec56"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nbyap.danestanihavarzeshi.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863675/; classtype:trojan-activity;sid:84726775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863674)"; flow:established,from_client; content:"GET"; http_method; content:"/effe0897-e609-4091-b03c-9c7eacfb9dea"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sqgdb.tractor11.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863674/; classtype:trojan-activity;sid:84726774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.30.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863673/; classtype:trojan-activity;sid:84726773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863672)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f7296dbe-2203-42e0-9f14-db8ad9e84102"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"coc45rrh.vanatarsim.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863672/; classtype:trojan-activity;sid:84726772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863671)"; flow:established,from_client; content:"GET"; http_method; content:"/nightcord/nightcord/releases/download/v1.19.8/nightcord-installer.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"git.nightcord.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863671/; classtype:trojan-activity;sid:84726771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863669)"; flow:established,from_client; content:"GET"; http_method; content:"/nightcord/nightcord/releases/download/v1.19.6/nightcord-installer.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"git.nightcord.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863669/; classtype:trojan-activity;sid:84726769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863670)"; flow:established,from_client; content:"GET"; http_method; content:"/nightcord/nightcord/releases/download/v1.19.7/nightcord-installer.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"git.nightcord.st"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863670/; classtype:trojan-activity;sid:84726770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.30.103.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863668/; classtype:trojan-activity;sid:84726768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863660)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863660/; classtype:trojan-activity;sid:84726760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863661)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863661/; classtype:trojan-activity;sid:84726761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863662)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863662/; classtype:trojan-activity;sid:84726762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863663)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863663/; classtype:trojan-activity;sid:84726763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863664)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863664/; classtype:trojan-activity;sid:84726764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863665)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863665/; classtype:trojan-activity;sid:84726765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863666)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863666/; classtype:trojan-activity;sid:84726766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863667)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863667/; classtype:trojan-activity;sid:84726767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863655)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863655/; classtype:trojan-activity;sid:84726755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863656)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863656/; classtype:trojan-activity;sid:84726756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863657)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863657/; classtype:trojan-activity;sid:84726757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863658)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863658/; classtype:trojan-activity;sid:84726758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863659)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"assets.f1cs-dev.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863659/; classtype:trojan-activity;sid:84726759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863654)"; flow:established,from_client; content:"GET"; http_method; content:"/_next/static/media/ee4c97c61938da5b.js"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"54328cf8554e67ed-185-174-159-197.serveousercontent.com"; http_host; depth:54; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863654/; classtype:trojan-activity;sid:84726754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863653)"; flow:established,from_client; content:"GET"; http_method; content:"/_next/static/stream/edeb69ed676eee4d.js"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"views-lan-infant-solve.trycloudflare.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863653/; classtype:trojan-activity;sid:84726753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863652)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm4k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863652/; classtype:trojan-activity;sid:84726752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863642)"; flow:established,from_client; content:"GET"; http_method; content:"/dipndotsk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863642/; classtype:trojan-activity;sid:84726742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863643)"; flow:established,from_client; content:"GET"; http_method; content:"/chromek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863643/; classtype:trojan-activity;sid:84726743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863644)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863644/; classtype:trojan-activity;sid:84726744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863645)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm5k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863645/; classtype:trojan-activity;sid:84726745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863646)"; flow:established,from_client; content:"GET"; http_method; content:"/dipsk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863646/; classtype:trojan-activity;sid:84726746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863647)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm6k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863647/; classtype:trojan-activity;sid:84726747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863648)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863648/; classtype:trojan-activity;sid:84726748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863649)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863649/; classtype:trojan-activity;sid:84726749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863650)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863650/; classtype:trojan-activity;sid:84726750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863651)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"igmc.duckdns.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863651/; classtype:trojan-activity;sid:84726751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.1.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863641/; classtype:trojan-activity;sid:84726741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.149.107.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863640/; classtype:trojan-activity;sid:84726740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.111.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863639/; classtype:trojan-activity;sid:84726739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863638)"; flow:established,from_client; content:"GET"; http_method; content:"/51a1db11-2cfd-4243-a99a-a9bb7d239870"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"esnjo.tractor11.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863638/; classtype:trojan-activity;sid:84726738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.112.129.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863637/; classtype:trojan-activity;sid:84726737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863636)"; flow:established,from_client; content:"GET"; http_method; content:"/0ed531e0-eeed-4fd9-a384-daf9396eb04e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"brrls.rahnemayenegaresh.site"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863636/; classtype:trojan-activity;sid:84726736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863635)"; flow:established,from_client; content:"GET"; http_method; content:"/10b11c40-e690-4496-bf35-9275ed152df0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mbxkw.rahnemayenegaresh.site"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863635/; classtype:trojan-activity;sid:84726735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863634)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dfe9bbae-7399-47f8-a958-2a2c8e63a120"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mauv124k.tarahisystem.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863634/; classtype:trojan-activity;sid:84726734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.111.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863633/; classtype:trojan-activity;sid:84726733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863632/; classtype:trojan-activity;sid:84726732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.70.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863631/; classtype:trojan-activity;sid:84726731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863630/; classtype:trojan-activity;sid:84726730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.137.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863629/; classtype:trojan-activity;sid:84726729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.242.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863628/; classtype:trojan-activity;sid:84726728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.148.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863627/; classtype:trojan-activity;sid:84726727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.166.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863626/; classtype:trojan-activity;sid:84726726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.203.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863625/; classtype:trojan-activity;sid:84726725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863624/; classtype:trojan-activity;sid:84726724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.166.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863623/; classtype:trojan-activity;sid:84726723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.224.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863622/; classtype:trojan-activity;sid:84726722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863621)"; flow:established,from_client; content:"GET"; http_method; content:"/cad89886-cd51-421d-a844-b7955e75db47"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tfpvi.testranandegi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863621/; classtype:trojan-activity;sid:84726721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.242.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863620/; classtype:trojan-activity;sid:84726720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863619/; classtype:trojan-activity;sid:84726719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863618)"; flow:established,from_client; content:"GET"; http_method; content:"/a09e6e12-0f6d-4932-8205-5bb8b68fa8eb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jebclxk.raftarsazmani.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863618/; classtype:trojan-activity;sid:84726718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.148.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863617/; classtype:trojan-activity;sid:84726717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.242.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863616/; classtype:trojan-activity;sid:84726716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.224.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863615/; classtype:trojan-activity;sid:84726715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.213.45.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863614/; classtype:trojan-activity;sid:84726714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863613)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863613/; classtype:trojan-activity;sid:84726713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.99.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863612/; classtype:trojan-activity;sid:84726712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863611)"; flow:established,from_client; content:"GET"; http_method; content:"/59693e3c-df4b-4878-a5be-381f65383988"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kagnmzrgu.mabaninazari.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863611/; classtype:trojan-activity;sid:84726711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863610/; classtype:trojan-activity;sid:84726710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863609)"; flow:established,from_client; content:"GET"; http_method; content:"/52aa3016-2146-48ad-aab8-111439266345"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qtxcrltc.testpaye.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863609/; classtype:trojan-activity;sid:84726709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.74.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863608/; classtype:trojan-activity;sid:84726708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.97.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863607/; classtype:trojan-activity;sid:84726707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863606)"; flow:established,from_client; content:"GET"; http_method; content:"/a75c7a28-f53d-470a-b3c5-1cd01379278a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qsjvbzp.tahlilsazeha.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863606/; classtype:trojan-activity;sid:84726706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.187.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863605/; classtype:trojan-activity;sid:84726705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863604)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bab17a28-af9c-46b6-b2c1-f55df946f01c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"arqn7djf.vajename.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863604/; classtype:trojan-activity;sid:84726704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863603/; classtype:trojan-activity;sid:84726703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.144.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863602/; classtype:trojan-activity;sid:84726702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.251.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863601/; classtype:trojan-activity;sid:84726701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.7.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863599/; classtype:trojan-activity;sid:84726699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.77.39.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863600/; classtype:trojan-activity;sid:84726700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863598/; classtype:trojan-activity;sid:84726698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863597/; classtype:trojan-activity;sid:84726697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.213.45.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863595/; classtype:trojan-activity;sid:84726695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.85.60.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863596/; classtype:trojan-activity;sid:84726696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863594)"; flow:established,from_client; content:"GET"; http_method; content:"/a8247a00-7b37-48d9-bfbf-ee4c664abcf6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nffhlpcv.testdrivepaye3.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863594/; classtype:trojan-activity;sid:84726694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.166.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863593/; classtype:trojan-activity;sid:84726693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.18.172.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863592/; classtype:trojan-activity;sid:84726692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.233.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863591/; classtype:trojan-activity;sid:84726691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.144.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863590/; classtype:trojan-activity;sid:84726690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863589)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=435c18ad-8ca9-4ec9-9756-058f10289e56"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"wnfo1c8w.tanasobmafhumi.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863589/; classtype:trojan-activity;sid:84726689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.71.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863588/; classtype:trojan-activity;sid:84726688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863587/; classtype:trojan-activity;sid:84726687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863586)"; flow:established,from_client; content:"GET"; http_method; content:"/fb081ff0-82e9-4d21-9f23-6fc3ba3cbba2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ozymtyh.tahgigbazargan.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863586/; classtype:trojan-activity;sid:84726686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.7.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863585/; classtype:trojan-activity;sid:84726685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.170.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863584/; classtype:trojan-activity;sid:84726684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.233.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863583/; classtype:trojan-activity;sid:84726683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863582)"; flow:established,from_client; content:"GET"; http_method; content:"/354a0040-5bbb-434a-91e2-dd82db39436f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lqlrmchm.tasisathosseini.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863582/; classtype:trojan-activity;sid:84726682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"62.60.130.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863581/; classtype:trojan-activity;sid:84726681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.63.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863580/; classtype:trojan-activity;sid:84726680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863579)"; flow:established,from_client; content:"GET"; http_method; content:"/d2088237-b23c-4427-979c-6cea4bdf4894"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vfxdzptjm.mabaninazaridelavar.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863579/; classtype:trojan-activity;sid:84726679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.164.71.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863578/; classtype:trojan-activity;sid:84726678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.77.39.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863577/; classtype:trojan-activity;sid:84726677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.182.119.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863576/; classtype:trojan-activity;sid:84726676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863575)"; flow:established,from_client; content:"GET"; http_method; content:"/232b6a47-4cd5-4f08-8228-a442a0297e53"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zeuephv.tafsirquran.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863575/; classtype:trojan-activity;sid:84726675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.63.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863574/; classtype:trojan-activity;sid:84726674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863573)"; flow:established,from_client; content:"GET"; http_method; content:"/01864d40-ae3a-4908-b423-e8eca9c482f1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"npejbmmk.tarikhravannovin.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863573/; classtype:trojan-activity;sid:84726673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.47.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863572/; classtype:trojan-activity;sid:84726672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.28.220.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863571/; classtype:trojan-activity;sid:84726671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863570)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a2cfb2ae-f27d-4cf7-9eba-a1741cdad2bc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qjwhwhzz.hesabdari2.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863570/; classtype:trojan-activity;sid:84726670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.108.24.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863569/; classtype:trojan-activity;sid:84726669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.164.71.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863568/; classtype:trojan-activity;sid:84726668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863567)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9e490243-b607-4b54-8c7d-0acb7a157604"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rxuuxnyy.shimiumumi.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863567/; classtype:trojan-activity;sid:84726667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.94.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863566/; classtype:trojan-activity;sid:84726666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.42.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863565/; classtype:trojan-activity;sid:84726665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.94.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863564/; classtype:trojan-activity;sid:84726664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.47.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863563/; classtype:trojan-activity;sid:84726663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863562)"; flow:established,from_client; content:"GET"; http_method; content:"/4be486f2-875a-452d-98c8-ddc4866bef92"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rqvfqcgu.tarikhcheravanshenasi.xyz"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863562/; classtype:trojan-activity;sid:84726662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863561)"; flow:established,from_client; content:"GET"; http_method; content:"/62f26d7d-d705-41d7-bc75-87192f1154de"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mnxewnp.tafsirnasiri.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863561/; classtype:trojan-activity;sid:84726661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863560)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b5d399b2-813c-4fd6-9fe6-439d097ec74c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8qh80m8o.shimiskoog.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863560/; classtype:trojan-activity;sid:84726660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.17.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863559/; classtype:trojan-activity;sid:84726659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.197.114.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863558/; classtype:trojan-activity;sid:84726658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863557)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7bd494cf-f5c4-44b0-b3f0-a05557a5524f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ahfq0ebl.ahkam.xyz"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863557/; classtype:trojan-activity;sid:84726657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.197.114.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863556/; classtype:trojan-activity;sid:84726656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863554)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863554/; classtype:trojan-activity;sid:84726654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863555)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863555/; classtype:trojan-activity;sid:84726655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863550)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863550/; classtype:trojan-activity;sid:84726650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863551)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863551/; classtype:trojan-activity;sid:84726651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863552)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863552/; classtype:trojan-activity;sid:84726652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863553)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863553/; classtype:trojan-activity;sid:84726653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863549)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863549/; classtype:trojan-activity;sid:84726649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863547)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863547/; classtype:trojan-activity;sid:84726647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863548)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863548/; classtype:trojan-activity;sid:84726648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863544)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863544/; classtype:trojan-activity;sid:84726644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863545)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863545/; classtype:trojan-activity;sid:84726645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863546)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863546/; classtype:trojan-activity;sid:84726646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863543)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863543/; classtype:trojan-activity;sid:84726643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863528)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/riscv32"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863528/; classtype:trojan-activity;sid:84726628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863529)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/or1k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863529/; classtype:trojan-activity;sid:84726629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863530/; classtype:trojan-activity;sid:84726630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863531/; classtype:trojan-activity;sid:84726631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863532)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm5k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863532/; classtype:trojan-activity;sid:84726632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863533)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm4k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863533/; classtype:trojan-activity;sid:84726633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh2"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863534/; classtype:trojan-activity;sid:84726634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863535)"; flow:established,from_client; content:"GET"; http_method; content:"/dipndotsk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863535/; classtype:trojan-activity;sid:84726635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863536)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863536/; classtype:trojan-activity;sid:84726636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863537)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/riscv64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863537/; classtype:trojan-activity;sid:84726637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863538/; classtype:trojan-activity;sid:84726638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863539)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863539/; classtype:trojan-activity;sid:84726639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863540/; classtype:trojan-activity;sid:84726640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863541)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i386"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863541/; classtype:trojan-activity;sid:84726641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/microblaze"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863542/; classtype:trojan-activity;sid:84726642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863523)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm6k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863523/; classtype:trojan-activity;sid:84726623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863524)"; flow:established,from_client; content:"GET"; http_method; content:"/dipsk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863524/; classtype:trojan-activity;sid:84726624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863525/; classtype:trojan-activity;sid:84726625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/loongarch64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863526/; classtype:trojan-activity;sid:84726626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863527)"; flow:established,from_client; content:"GET"; http_method; content:"/chromek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863527/; classtype:trojan-activity;sid:84726627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.17.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863522/; classtype:trojan-activity;sid:84726622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.97.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863521/; classtype:trojan-activity;sid:84726621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863520)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/yarn.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863520/; classtype:trojan-activity;sid:84726620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863519)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1io7nfj3rhdfazu4zf6qhc0sowmubmjx2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863519/; classtype:trojan-activity;sid:84726619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15vbhxqeuodu8weznehcb4ivvlkryyxfg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863518/; classtype:trojan-activity;sid:84726618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.80.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863517/; classtype:trojan-activity;sid:84726617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.97.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863516/; classtype:trojan-activity;sid:84726616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.80.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863515/; classtype:trojan-activity;sid:84726615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863514)"; flow:established,from_client; content:"GET"; http_method; content:"/fe651bd7-9fec-4fc0-920c-4433f5734090"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xlrvvrbvb.mabanimashin.site"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863514/; classtype:trojan-activity;sid:84726614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863513)"; flow:established,from_client; content:"GET"; http_method; content:"/d45137ac-fe15-4e87-8c16-4b9ff6a40afe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"syqxxqi.riyaziyattajrobi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863513/; classtype:trojan-activity;sid:84726613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863512)"; flow:established,from_client; content:"GET"; http_method; content:"/api/terminal/connect-runner|3f|flag=7"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"lab99.sbs"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863512/; classtype:trojan-activity;sid:84726612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863511)"; flow:established,from_client; content:"GET"; http_method; content:"/api/terminal/script|3f|flag=7"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lab99.sbs"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863511/; classtype:trojan-activity;sid:84726611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863510)"; flow:established,from_client; content:"GET"; http_method; content:"/download/appdw/app.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"opmg.top"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863510/; classtype:trojan-activity;sid:84726610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863508)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863508/; classtype:trojan-activity;sid:84726608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863509)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863509/; classtype:trojan-activity;sid:84726609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863507)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_80ffdadbe65cc63f.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863507/; classtype:trojan-activity;sid:84726607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.153.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863506/; classtype:trojan-activity;sid:84726606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.249.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863505/; classtype:trojan-activity;sid:84726605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.165.157.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863504/; classtype:trojan-activity;sid:84726604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.95.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863503/; classtype:trojan-activity;sid:84726603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.178.144.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863502/; classtype:trojan-activity;sid:84726602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.165.157.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863501/; classtype:trojan-activity;sid:84726601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.153.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863500/; classtype:trojan-activity;sid:84726600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.18.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863499/; classtype:trojan-activity;sid:84726599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863498)"; flow:established,from_client; content:"GET"; http_method; content:"/d3e146fd-9ddf-4a0d-a6d2-24d39a7df68a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zlsfegg.riyazishahkilid.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863498/; classtype:trojan-activity;sid:84726598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.192.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863497/; classtype:trojan-activity;sid:84726597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.178.144.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863496/; classtype:trojan-activity;sid:84726596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863495)"; flow:established,from_client; content:"GET"; http_method; content:"/a9880af7-4ec5-41c9-8708-164db92d52dd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"omgolqds.sazebetonarme.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863495/; classtype:trojan-activity;sid:84726595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863494)"; flow:established,from_client; content:"GET"; http_method; content:"/23acb8ac-eed7-4895-95bf-f10dc88b774b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"aegkmnbe.sanjeshvaandazegiri.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863494/; classtype:trojan-activity;sid:84726594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.235.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863493/; classtype:trojan-activity;sid:84726593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.206.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863492/; classtype:trojan-activity;sid:84726592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863491/; classtype:trojan-activity;sid:84726591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.166.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863490/; classtype:trojan-activity;sid:84726590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.238.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863489/; classtype:trojan-activity;sid:84726589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.114.32.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863488/; classtype:trojan-activity;sid:84726588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.18.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863487/; classtype:trojan-activity;sid:84726587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863486)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ee0ca37b-5e14-45e7-8a50-168fe4838e8b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0saw15fk.activereading.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863486/; classtype:trojan-activity;sid:84726586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.212.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863485/; classtype:trojan-activity;sid:84726585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863484)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=50279a32-edea-426a-97c2-8f34f4fdf38b"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jvvrtt3s.sazehayefooladi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863484/; classtype:trojan-activity;sid:84726584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.145.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863483/; classtype:trojan-activity;sid:84726583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.235.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863482/; classtype:trojan-activity;sid:84726582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.210.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863481/; classtype:trojan-activity;sid:84726581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863480)"; flow:established,from_client; content:"GET"; http_method; content:"/f3a6cd66-d077-4fb7-8623-e76591a563b8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"scrbsmf.activebook.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863480/; classtype:trojan-activity;sid:84726580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863479)"; flow:established,from_client; content:"GET"; http_method; content:"/53e9dc12-e57d-4867-9efb-aae24d310b97"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jwaxmaqh.sanjeshravani.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863479/; classtype:trojan-activity;sid:84726579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.42.91.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863478/; classtype:trojan-activity;sid:84726578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.91.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863477/; classtype:trojan-activity;sid:84726577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.91.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863476/; classtype:trojan-activity;sid:84726576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863475)"; flow:established,from_client; content:"GET"; http_method; content:"/95704a38-1065-4f09-a32d-e52111865611"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lvzqrradp.mabanieslami2.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863475/; classtype:trojan-activity;sid:84726575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.171.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863473/; classtype:trojan-activity;sid:84726573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"105.184.50.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863474/; classtype:trojan-activity;sid:84726574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.115.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863472/; classtype:trojan-activity;sid:84726572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.171.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863471/; classtype:trojan-activity;sid:84726571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.10.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863470/; classtype:trojan-activity;sid:84726570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.190.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863469/; classtype:trojan-activity;sid:84726569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863468/; classtype:trojan-activity;sid:84726568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.40.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863467/; classtype:trojan-activity;sid:84726567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863466)"; flow:established,from_client; content:"GET"; http_method; content:"/1fc1bd06-7703-42c8-92f7-9ded5fe09759"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"negnwxwk.sakhtemandade.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863466/; classtype:trojan-activity;sid:84726566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.24.81.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863465/; classtype:trojan-activity;sid:84726565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863464)"; flow:established,from_client; content:"GET"; http_method; content:"/439127fa-b8d9-484d-ab12-a7c6ce3eb469"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fidixce.abresanishahri.store"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863464/; classtype:trojan-activity;sid:84726564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.115.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863463/; classtype:trojan-activity;sid:84726563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.255.10.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863462/; classtype:trojan-activity;sid:84726562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.190.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863461/; classtype:trojan-activity;sid:84726561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.85.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863460/; classtype:trojan-activity;sid:84726560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.76.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863459/; classtype:trojan-activity;sid:84726559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.51.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863458/; classtype:trojan-activity;sid:84726558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863457/; classtype:trojan-activity;sid:84726557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.24.81.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863456/; classtype:trojan-activity;sid:84726556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.57.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863455/; classtype:trojan-activity;sid:84726555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.78.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863454/; classtype:trojan-activity;sid:84726554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.57.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863453/; classtype:trojan-activity;sid:84726553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.11.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863452/; classtype:trojan-activity;sid:84726552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.184.50.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863451/; classtype:trojan-activity;sid:84726551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863450)"; flow:established,from_client; content:"GET"; http_method; content:"/a3c3e109-7bd2-41ee-a1b1-7201b7272e23"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vdwupypy.sadreislam.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863450/; classtype:trojan-activity;sid:84726550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.228.109.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863449/; classtype:trojan-activity;sid:84726549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863448)"; flow:established,from_client; content:"GET"; http_method; content:"/07e46f50-2f86-4eeb-8a3a-88c9246e4681"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yyyfiub.1x1.pro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863448/; classtype:trojan-activity;sid:84726548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863447/; classtype:trojan-activity;sid:84726547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.51.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863446/; classtype:trojan-activity;sid:84726546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.26.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863445/; classtype:trojan-activity;sid:84726545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.204.196.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863444/; classtype:trojan-activity;sid:84726544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863443)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2df3e49b-8067-4f69-8d20-bf87c3d20ede"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2q6xaa8u.ravanshenasisaeedi.xyz"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863443/; classtype:trojan-activity;sid:84726543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863442)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f93b6009-3fc8-47c4-9b53-25b98d45547f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"epb5v18q.activeintro.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863442/; classtype:trojan-activity;sid:84726542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.48.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863441/; classtype:trojan-activity;sid:84726541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863440)"; flow:established,from_client; content:"GET"; http_method; content:"/8a688702-f713-4b7b-9b47-d8ff26a0835d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lrvizgxp.lincoplus.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863440/; classtype:trojan-activity;sid:84726540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863439)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8587665743/jenzvpg.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863439/; classtype:trojan-activity;sid:84726539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863431)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863431/; classtype:trojan-activity;sid:84726531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863432)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863432/; classtype:trojan-activity;sid:84726532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863433)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863433/; classtype:trojan-activity;sid:84726533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863434)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863434/; classtype:trojan-activity;sid:84726534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863435)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863435/; classtype:trojan-activity;sid:84726535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863436/; classtype:trojan-activity;sid:84726536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863437)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863437/; classtype:trojan-activity;sid:84726537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863438/; classtype:trojan-activity;sid:84726538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863430)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863430/; classtype:trojan-activity;sid:84726530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863428)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sex.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863428/; classtype:trojan-activity;sid:84726528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863429)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863429/; classtype:trojan-activity;sid:84726529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863426)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863426/; classtype:trojan-activity;sid:84726526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863427)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"64.89.162.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863427/; classtype:trojan-activity;sid:84726527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.152.35.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863425/; classtype:trojan-activity;sid:84726525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863424)"; flow:established,from_client; content:"GET"; http_method; content:"/ea103b0c-1067-44fa-883c-b4872f2f96ed"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oxcydtg.1x1.cash"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863424/; classtype:trojan-activity;sid:84726524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.10.180.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863423/; classtype:trojan-activity;sid:84726523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.112.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863422/; classtype:trojan-activity;sid:84726522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863421)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9e28d762-78a6-4478-a19d-f285fd4febc9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kn46xsmt.readthisintro.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863421/; classtype:trojan-activity;sid:84726521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.48.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863420/; classtype:trojan-activity;sid:84726520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863419)"; flow:established,from_client; content:"GET"; http_method; content:"/a390f682-87b6-43ce-9692-b7c7cf6d0944"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bsjmxjbmv.livefootba11.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863419/; classtype:trojan-activity;sid:84726519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.10.180.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863418/; classtype:trojan-activity;sid:84726518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863417)"; flow:established,from_client; content:"GET"; http_method; content:"/563fbe24-3ecc-4f90-b09a-ea567dac9d27"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lkhpttfj.leaguejazire.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863417/; classtype:trojan-activity;sid:84726517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863416)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=ba163f4a-116c-4d6d-936d-82cbac12aab8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bjuo48bq.ravanroshd.shop"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863416/; classtype:trojan-activity;sid:84726516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.107.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863415/; classtype:trojan-activity;sid:84726515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.250.16.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863414/; classtype:trojan-activity;sid:84726514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863413)"; flow:established,from_client; content:"GET"; http_method; content:"/86ce6ecb-367c-4c13-b461-19db64aa048a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kdphdmr.rahnemayenegaresh.site"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863413/; classtype:trojan-activity;sid:84726513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.140.175.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863412/; classtype:trojan-activity;sid:84726512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.210.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863411/; classtype:trojan-activity;sid:84726511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863410)"; flow:established,from_client; content:"GET"; http_method; content:"/c7b2e1a0-fb3e-459a-b2e2-a7a235b19bdd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uqknomxs.karbordriyaziyat.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863410/; classtype:trojan-activity;sid:84726510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863409/; classtype:trojan-activity;sid:84726509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.175.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863408/; classtype:trojan-activity;sid:84726508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.238.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863407/; classtype:trojan-activity;sid:84726507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863406)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c7840707-54a1-4210-b9c2-79a3e77c6bc6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8bk9x8td.ravanshenasinovin.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863406/; classtype:trojan-activity;sid:84726506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.250.16.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863405/; classtype:trojan-activity;sid:84726505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863404)"; flow:established,from_client; content:"GET"; http_method; content:"/81d4dfb8-434d-4101-8a2b-b34c92fff6b5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"djnkywq.raftarsazmani.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863404/; classtype:trojan-activity;sid:84726504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863403/; classtype:trojan-activity;sid:84726503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.107.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863402/; classtype:trojan-activity;sid:84726502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.233.102.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863401/; classtype:trojan-activity;sid:84726501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863400)"; flow:established,from_client; content:"GET"; http_method; content:"/fb59edae-9ce8-4b70-8814-f9c1489e2130"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qeyshvibv.azmoonzare.online"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_12; reference:url, urlhaus.abuse.ch/url/3863400/; classtype:trojan-activity;sid:84726500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.40.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863399/; classtype:trojan-activity;sid:84726499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.40.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863398/; classtype:trojan-activity;sid:84726498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.225.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863397/; classtype:trojan-activity;sid:84726497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863396)"; flow:established,from_client; content:"GET"; http_method; content:"/6c92b240-191d-46a4-8330-115146634057"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fdktfbbn.jam-jahani.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863396/; classtype:trojan-activity;sid:84726496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863395)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c2613c3f-0f94-436c-950b-bdd680a8515f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pour45yz.ravandarmani.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863395/; classtype:trojan-activity;sid:84726495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863394)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863394/; classtype:trojan-activity;sid:84726494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863393)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863393/; classtype:trojan-activity;sid:84726493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863389/; classtype:trojan-activity;sid:84726489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863390)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863390/; classtype:trojan-activity;sid:84726490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863391)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863391/; classtype:trojan-activity;sid:84726491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863392)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863392/; classtype:trojan-activity;sid:84726492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863385)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863385/; classtype:trojan-activity;sid:84726485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863386)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863386/; classtype:trojan-activity;sid:84726486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863387)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863387/; classtype:trojan-activity;sid:84726487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863388/; classtype:trojan-activity;sid:84726488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sex.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863384/; classtype:trojan-activity;sid:84726484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863383)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zoryn.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863383/; classtype:trojan-activity;sid:84726483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863382)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"176.65.139.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863382/; classtype:trojan-activity;sid:84726482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.225.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863381/; classtype:trojan-activity;sid:84726481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.52.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863380/; classtype:trojan-activity;sid:84726480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.59.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863379/; classtype:trojan-activity;sid:84726479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863378)"; flow:established,from_client; content:"GET"; http_method; content:"/6578f83e-aef0-4b82-99ba-165bfd563a0f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oivuaiyy.psgnewsiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863378/; classtype:trojan-activity;sid:84726478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863377)"; flow:established,from_client; content:"GET"; http_method; content:"/go.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863377/; classtype:trojan-activity;sid:84726477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.70.240.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863376/; classtype:trojan-activity;sid:84726476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.176.107.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863375/; classtype:trojan-activity;sid:84726475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.59.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863374/; classtype:trojan-activity;sid:84726474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.28.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863372/; classtype:trojan-activity;sid:84726472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.110.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863373/; classtype:trojan-activity;sid:84726473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.70.240.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863371/; classtype:trojan-activity;sid:84726471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863370)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=432d4111-2a57-4935-825a-d1a9c90cb6cb"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pipx8iw2.ravanshenasiganji.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863370/; classtype:trojan-activity;sid:84726470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863369/; classtype:trojan-activity;sid:84726469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.176.107.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863368/; classtype:trojan-activity;sid:84726468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863367)"; flow:established,from_client; content:"GET"; http_method; content:"/c1bad5db-dad5-4719-8b71-f39627bbb275"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qlwxqybo.prozhedownload.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863367/; classtype:trojan-activity;sid:84726467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.210.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863366/; classtype:trojan-activity;sid:84726466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.210.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863365/; classtype:trojan-activity;sid:84726465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.71.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863364/; classtype:trojan-activity;sid:84726464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.75.62.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863363/; classtype:trojan-activity;sid:84726463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863361/; classtype:trojan-activity;sid:84726461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.169.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863362/; classtype:trojan-activity;sid:84726462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863360)"; flow:established,from_client; content:"GET"; http_method; content:"/a174b60a-1cc1-4728-8a1e-0bca24561e58"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zjtjokj.quranmohagegin.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863360/; classtype:trojan-activity;sid:84726460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.66.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863359/; classtype:trojan-activity;sid:84726459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.75.62.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863358/; classtype:trojan-activity;sid:84726458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863357/; classtype:trojan-activity;sid:84726457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.94.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863356/; classtype:trojan-activity;sid:84726456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.52.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863355/; classtype:trojan-activity;sid:84726455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863354)"; flow:established,from_client; content:"GET"; http_method; content:"/96193ba5-8a3a-4546-b250-85df46f939f4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jvyzjvqmb.bankefiile.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863354/; classtype:trojan-activity;sid:84726454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863353)"; flow:established,from_client; content:"GET"; http_method; content:"/66b86068-ca14-4d15-94fa-13ff563634f0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kdthbhbm.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863353/; classtype:trojan-activity;sid:84726453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.158.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863352/; classtype:trojan-activity;sid:84726452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863351/; classtype:trojan-activity;sid:84726451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863350)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/bb.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863350/; classtype:trojan-activity;sid:84726450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863349)"; flow:established,from_client; content:"GET"; http_method; content:"/f5bfd0e3-9a6f-4d1a-8d24-9031009e4eef"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jdxqaihsh.bankefiile.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863349/; classtype:trojan-activity;sid:84726449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863348)"; flow:established,from_client; content:"GET"; http_method; content:"/ce41ed04-6e0d-493d-8406-3d2cb22ab0bc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bfksnnrp.prozhecart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863348/; classtype:trojan-activity;sid:84726448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863347)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1d3745bd-d7aa-420d-a879-dda195b5350f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"o0irv3h9.ravabetensani.site"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863347/; classtype:trojan-activity;sid:84726447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.94.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863346/; classtype:trojan-activity;sid:84726446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.170.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863345/; classtype:trojan-activity;sid:84726445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.39.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863344/; classtype:trojan-activity;sid:84726444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863343)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1d136609-2d79-4699-b44b-8a13abfa77a1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"63yoanli.ravanshenasi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863343/; classtype:trojan-activity;sid:84726443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.5.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863342/; classtype:trojan-activity;sid:84726442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.233.150.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863341/; classtype:trojan-activity;sid:84726441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.31.81.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863340/; classtype:trojan-activity;sid:84726440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863339)"; flow:established,from_client; content:"GET"; http_method; content:"/97f72ccb-9bc1-4df0-8ccb-9513f553eff7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rcflwccn.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863339/; classtype:trojan-activity;sid:84726439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.39.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863338/; classtype:trojan-activity;sid:84726438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.233.150.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863337/; classtype:trojan-activity;sid:84726437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.5.249"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863336/; classtype:trojan-activity;sid:84726436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.35.78.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863335/; classtype:trojan-activity;sid:84726435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863334)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d29dd9bb-b33d-4566-bf67-6f3429a5172a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ggc6yxvy.ravanshenakhti.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863334/; classtype:trojan-activity;sid:84726434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.31.81.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863333/; classtype:trojan-activity;sid:84726433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.138.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863332/; classtype:trojan-activity;sid:84726432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.146.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863331/; classtype:trojan-activity;sid:84726431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.30.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863330/; classtype:trojan-activity;sid:84726430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863329)"; flow:established,from_client; content:"GET"; http_method; content:"/499787d7-5314-47b9-baf6-ae9fd3db0683"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"eeqagxew.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863329/; classtype:trojan-activity;sid:84726429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863328)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=449d5145-fa7f-4892-a0c4-9f6a44b5ffc1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"t92hw5pi.nazariyeyadgiri.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863328/; classtype:trojan-activity;sid:84726428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.40.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863327/; classtype:trojan-activity;sid:84726427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.40.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863326/; classtype:trojan-activity;sid:84726426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863325)"; flow:established,from_client; content:"GET"; http_method; content:"/a9c4c827-2bd1-40a7-aa19-abb15093d431"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cwsvmar.qurankarim.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863325/; classtype:trojan-activity;sid:84726425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863324/; classtype:trojan-activity;sid:84726424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.27.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863323/; classtype:trojan-activity;sid:84726423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.30.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863322/; classtype:trojan-activity;sid:84726422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.35.78.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863321/; classtype:trojan-activity;sid:84726421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863320/; classtype:trojan-activity;sid:84726420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.160.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863319/; classtype:trojan-activity;sid:84726419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863318/; classtype:trojan-activity;sid:84726418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863317)"; flow:established,from_client; content:"GET"; http_method; content:"/6df0f37a-6ec1-4edb-a16f-4a1b7c198e78"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bjihnqisx.bankefile.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863317/; classtype:trojan-activity;sid:84726417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863316)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f648a76c-b42c-424b-b9d8-060d8a2e7ad0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ywnrmpf8.rasmfani.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863316/; classtype:trojan-activity;sid:84726416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.138.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863315/; classtype:trojan-activity;sid:84726415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863314)"; flow:established,from_client; content:"GET"; http_method; content:"/6bb7c077-e0c0-49f3-9828-7b5296dd5f8f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jkkksuzy.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863314/; classtype:trojan-activity;sid:84726414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.83.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863313/; classtype:trojan-activity;sid:84726413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.171.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863312/; classtype:trojan-activity;sid:84726412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863311)"; flow:established,from_client; content:"GET"; http_method; content:"/b244e679-9ccb-4eaf-affc-10f429476cd9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kaiojocv.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863311/; classtype:trojan-activity;sid:84726411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.212.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863310/; classtype:trojan-activity;sid:84726410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863309/; classtype:trojan-activity;sid:84726409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863308)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=06ba3cd0-7bae-411e-95cc-c6809e58aba5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"933anmoo.azmoonhayeravani.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863308/; classtype:trojan-activity;sid:84726408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863307)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f6bced30-219b-47bd-a756-812cbcc2f235"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ljj8nzo0.ravansalamat.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863307/; classtype:trojan-activity;sid:84726407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.43.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863306/; classtype:trojan-activity;sid:84726406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863305)"; flow:established,from_client; content:"GET"; http_method; content:"/4d6c968c-adb4-4f1a-a4b3-d12720bb3ef5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ramsybxt.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863305/; classtype:trojan-activity;sid:84726405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.20.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863304/; classtype:trojan-activity;sid:84726404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863303)"; flow:established,from_client; content:"GET"; http_method; content:"/b758971e-9c47-4a35-b457-766d8934041a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nkxkhfp.bet303.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863303/; classtype:trojan-activity;sid:84726403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.145.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863302/; classtype:trojan-activity;sid:84726402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.145.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863301/; classtype:trojan-activity;sid:84726401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863300)"; flow:established,from_client; content:"GET"; http_method; content:"/afb39240-456c-4786-b52a-ee542a939e45"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hlgwrpbh.mechanicsayalat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863300/; classtype:trojan-activity;sid:84726400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863299)"; flow:established,from_client; content:"GET"; http_method; content:"/bfee13f3-ae5a-46ed-9261-5be8643867ab"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ffynigbdr.barnamenevisi.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863299/; classtype:trojan-activity;sid:84726399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863298)"; flow:established,from_client; content:"GET"; http_method; content:"/47483aff-5b01-49d9-bb2a-c286b0fe94cd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nlxxwubqf.barnamenevisi.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863298/; classtype:trojan-activity;sid:84726398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863297/; classtype:trojan-activity;sid:84726397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863296)"; flow:established,from_client; content:"GET"; http_method; content:"/imgp/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tmcksa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863296/; classtype:trojan-activity;sid:84726396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863295)"; flow:established,from_client; content:"GET"; http_method; content:"/img_165308.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"robertsanchez.infinityfreeapp.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863295/; classtype:trojan-activity;sid:84726395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863294)"; flow:established,from_client; content:"GET"; http_method; content:"/ninja.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"agcestksa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863294/; classtype:trojan-activity;sid:84726394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863293)"; flow:established,from_client; content:"GET"; http_method; content:"/files/unique2/random.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863293/; classtype:trojan-activity;sid:84726393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863292/; classtype:trojan-activity;sid:84726392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.186.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863291/; classtype:trojan-activity;sid:84726391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863290)"; flow:established,from_client; content:"GET"; http_method; content:"/mix.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863290/; classtype:trojan-activity;sid:84726390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863289/; classtype:trojan-activity;sid:84726389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863288/; classtype:trojan-activity;sid:84726388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863287)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_f6edb9a78d132c35.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863287/; classtype:trojan-activity;sid:84726387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863285)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863285/; classtype:trojan-activity;sid:84726385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863286)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kaizen.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863286/; classtype:trojan-activity;sid:84726386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863284)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rupolicce2026.vercel.app"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863284/; classtype:trojan-activity;sid:84726384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863283)"; flow:established,from_client; content:"GET"; http_method; content:"/nebulaclient462773-4b.jar"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"nebulaclient.store"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863283/; classtype:trojan-activity;sid:84726383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863282)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=97743916-fba3-4189-b5b3-3d05303465fc"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"98jhjysx.ehtemalatvaamar.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863282/; classtype:trojan-activity;sid:84726382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863281)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c3a41c7b-ec39-47e1-95ce-eb70ddeb15d3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"znrax5pn.qurandownload.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863281/; classtype:trojan-activity;sid:84726381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863280)"; flow:established,from_client; content:"GET"; http_method; content:"/ed1dfa85-7c77-4dbe-b3e5-0eebddfad571"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nibfzvsq.hugugbime.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863280/; classtype:trojan-activity;sid:84726380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863279/; classtype:trojan-activity;sid:84726379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.75.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863278/; classtype:trojan-activity;sid:84726378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863277/; classtype:trojan-activity;sid:84726377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.20.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863276/; classtype:trojan-activity;sid:84726376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863275)"; flow:established,from_client; content:"GET"; http_method; content:"/453cfc8d-2e6a-4f57-8c09-c3d484a678d4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"iacozlci.hugugdaryayi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863275/; classtype:trojan-activity;sid:84726375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.199.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863274/; classtype:trojan-activity;sid:84726374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863273)"; flow:established,from_client; content:"GET"; http_method; content:"/db594d14-0456-4982-ba21-5ca2cbf5cb10"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jksidxrvz.bookdrive.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863273/; classtype:trojan-activity;sid:84726373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863272)"; flow:established,from_client; content:"GET"; http_method; content:"/cef931d1-8bde-48a5-bfee-f33d899220cf"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cmkfhtt.bet303.promo"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863272/; classtype:trojan-activity;sid:84726372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.20.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863271/; classtype:trojan-activity;sid:84726371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.199.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863270/; classtype:trojan-activity;sid:84726370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.69.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863269/; classtype:trojan-activity;sid:84726369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863268)"; flow:established,from_client; content:"GET"; http_method; content:"/484be5c9-1685-494b-87eb-466e86857d09"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hqvgwxfu.hugugedari.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863268/; classtype:trojan-activity;sid:84726368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.25.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863267/; classtype:trojan-activity;sid:84726367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863266)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=54a45800-4f63-4a25-8e56-a5b1f3354a65"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zet9r6gg.nahjolbalage.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863266/; classtype:trojan-activity;sid:84726366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.226.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863265/; classtype:trojan-activity;sid:84726365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863264)"; flow:established,from_client; content:"GET"; http_method; content:"/spy.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863264/; classtype:trojan-activity;sid:84726364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.25.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863263/; classtype:trojan-activity;sid:84726363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.251.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863262/; classtype:trojan-activity;sid:84726362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863261)"; flow:established,from_client; content:"GET"; http_method; content:"/rtk.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863261/; classtype:trojan-activity;sid:84726361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863260)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=406d4e27-a2a2-41ca-a250-ccbd2d9c4836"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3ze86kcn.azmoondadrasi.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863260/; classtype:trojan-activity;sid:84726360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.188.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863259/; classtype:trojan-activity;sid:84726359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863258)"; flow:established,from_client; content:"GET"; http_method; content:"/4ea765ec-7c07-4245-83a1-ddc5f3fa89d9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bhmgwxvu.hugugmadani3.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863258/; classtype:trojan-activity;sid:84726358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.208.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863257/; classtype:trojan-activity;sid:84726357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863256)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1b25d2df-f9c0-4c13-bc63-0a53e3de6018"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nzg52z19.questionstest.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863256/; classtype:trojan-activity;sid:84726356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.208.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863255/; classtype:trojan-activity;sid:84726355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.89.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863254/; classtype:trojan-activity;sid:84726354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863253/; classtype:trojan-activity;sid:84726353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.89.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863252/; classtype:trojan-activity;sid:84726352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.176.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863251/; classtype:trojan-activity;sid:84726351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863250)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/ok.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863250/; classtype:trojan-activity;sid:84726350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863249/; classtype:trojan-activity;sid:84726349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.176.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863248/; classtype:trojan-activity;sid:84726348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.17.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863247/; classtype:trojan-activity;sid:84726347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863246)"; flow:established,from_client; content:"GET"; http_method; content:"/fda7bb3e-bf97-4309-a400-f2cd1b0109c0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mymrtijp.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863246/; classtype:trojan-activity;sid:84726346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.40.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863245/; classtype:trojan-activity;sid:84726345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.40.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863244/; classtype:trojan-activity;sid:84726344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863243/; classtype:trojan-activity;sid:84726343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.235.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863242/; classtype:trojan-activity;sid:84726342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.36.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863241/; classtype:trojan-activity;sid:84726341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863240)"; flow:established,from_client; content:"GET"; http_method; content:"/3ff001c6-3aa4-4437-a53d-24bd6b68cd72"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yrchbzyin.ecologyardakani.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863240/; classtype:trojan-activity;sid:84726340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.15.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863238/; classtype:trojan-activity;sid:84726338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.38.67.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863239/; classtype:trojan-activity;sid:84726339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.17.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863237/; classtype:trojan-activity;sid:84726337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.226.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863236/; classtype:trojan-activity;sid:84726336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863235)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.69.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863235/; classtype:trojan-activity;sid:84726335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863234)"; flow:established,from_client; content:"GET"; http_method; content:"/16af109d-613e-49dd-afb6-0324c46125c2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"amrzjixs.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863234/; classtype:trojan-activity;sid:84726334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.37.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863233/; classtype:trojan-activity;sid:84726333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863228)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863228/; classtype:trojan-activity;sid:84726328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863229)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863229/; classtype:trojan-activity;sid:84726329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863230)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863230/; classtype:trojan-activity;sid:84726330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863231)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863231/; classtype:trojan-activity;sid:84726331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863232)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863232/; classtype:trojan-activity;sid:84726332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863227)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/loader.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.227.108.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863227/; classtype:trojan-activity;sid:84726327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.231.145.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863226/; classtype:trojan-activity;sid:84726326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863225)"; flow:established,from_client; content:"GET"; http_method; content:"/59175a1f-2cd3-42a7-9064-871782a14665"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"namrqlix.hugugnasiri.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863225/; classtype:trojan-activity;sid:84726325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.15.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863224/; classtype:trojan-activity;sid:84726324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.37.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863223/; classtype:trojan-activity;sid:84726323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863220)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863220/; classtype:trojan-activity;sid:84726320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863221)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863221/; classtype:trojan-activity;sid:84726321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863222)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863222/; classtype:trojan-activity;sid:84726322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863218)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=40ec8981-3017-455d-8b1f-065d84c04839"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ghdre2hy.geotechnictahuni.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863218/; classtype:trojan-activity;sid:84726318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863219)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c486cbe8-7fd5-4b2c-a94a-b746aa4a81ba"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"02y48l3v.asibshenasiyahya.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863219/; classtype:trojan-activity;sid:84726319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863214)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863214/; classtype:trojan-activity;sid:84726314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863215)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863215/; classtype:trojan-activity;sid:84726315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863216)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863216/; classtype:trojan-activity;sid:84726316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863217)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863217/; classtype:trojan-activity;sid:84726317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863210)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863210/; classtype:trojan-activity;sid:84726310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863211)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863211/; classtype:trojan-activity;sid:84726311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863212)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863212/; classtype:trojan-activity;sid:84726312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863213)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863213/; classtype:trojan-activity;sid:84726313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863195)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863195/; classtype:trojan-activity;sid:84726295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863196)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863196/; classtype:trojan-activity;sid:84726296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863197)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863197/; classtype:trojan-activity;sid:84726297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863198)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863198/; classtype:trojan-activity;sid:84726298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863199)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863199/; classtype:trojan-activity;sid:84726299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863200)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863200/; classtype:trojan-activity;sid:84726300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863201)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863201/; classtype:trojan-activity;sid:84726301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863202)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863202/; classtype:trojan-activity;sid:84726302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863203)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863203/; classtype:trojan-activity;sid:84726303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863204)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863204/; classtype:trojan-activity;sid:84726304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863205)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863205/; classtype:trojan-activity;sid:84726305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863206)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863206/; classtype:trojan-activity;sid:84726306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863207)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863207/; classtype:trojan-activity;sid:84726307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863208)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863208/; classtype:trojan-activity;sid:84726308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863209)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863209/; classtype:trojan-activity;sid:84726309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863193)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863193/; classtype:trojan-activity;sid:84726293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863194)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863194/; classtype:trojan-activity;sid:84726294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863192)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863192/; classtype:trojan-activity;sid:84726292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863190)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863190/; classtype:trojan-activity;sid:84726290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863191)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863191/; classtype:trojan-activity;sid:84726291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863163)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863163/; classtype:trojan-activity;sid:84726263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863164)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863164/; classtype:trojan-activity;sid:84726264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863165)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863165/; classtype:trojan-activity;sid:84726265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863166)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863166/; classtype:trojan-activity;sid:84726266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863167)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863167/; classtype:trojan-activity;sid:84726267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863168)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863168/; classtype:trojan-activity;sid:84726268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863169)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863169/; classtype:trojan-activity;sid:84726269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863170)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863170/; classtype:trojan-activity;sid:84726270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863171)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863171/; classtype:trojan-activity;sid:84726271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863172)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863172/; classtype:trojan-activity;sid:84726272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863173)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863173/; classtype:trojan-activity;sid:84726273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863174)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863174/; classtype:trojan-activity;sid:84726274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863175)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863175/; classtype:trojan-activity;sid:84726275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863176)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863176/; classtype:trojan-activity;sid:84726276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863177)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863177/; classtype:trojan-activity;sid:84726277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863178)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863178/; classtype:trojan-activity;sid:84726278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863179)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863179/; classtype:trojan-activity;sid:84726279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863180)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863180/; classtype:trojan-activity;sid:84726280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863181)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863181/; classtype:trojan-activity;sid:84726281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863182)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863182/; classtype:trojan-activity;sid:84726282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863183)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863183/; classtype:trojan-activity;sid:84726283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863184)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863184/; classtype:trojan-activity;sid:84726284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863185)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863185/; classtype:trojan-activity;sid:84726285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863186)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863186/; classtype:trojan-activity;sid:84726286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863187)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863187/; classtype:trojan-activity;sid:84726287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863188)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863188/; classtype:trojan-activity;sid:84726288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863189)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863189/; classtype:trojan-activity;sid:84726289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863155)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863155/; classtype:trojan-activity;sid:84726255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863156)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863156/; classtype:trojan-activity;sid:84726256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863157)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node.bot.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863157/; classtype:trojan-activity;sid:84726257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863158)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863158/; classtype:trojan-activity;sid:84726258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863159)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863159/; classtype:trojan-activity;sid:84726259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863160)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"grafana.bot.dekma-gay.ru"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863160/; classtype:trojan-activity;sid:84726260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863161)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863161/; classtype:trojan-activity;sid:84726261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863162)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"node-tls.dekma-gay.ru"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863162/; classtype:trojan-activity;sid:84726262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863153)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863153/; classtype:trojan-activity;sid:84726253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863154)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"poland.dekma-gay.ru"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863154/; classtype:trojan-activity;sid:84726254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.173.159.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863152/; classtype:trojan-activity;sid:84726252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.202.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863151/; classtype:trojan-activity;sid:84726251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863143)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863143/; classtype:trojan-activity;sid:84726243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863144)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863144/; classtype:trojan-activity;sid:84726244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863145)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863145/; classtype:trojan-activity;sid:84726245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863146)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863146/; classtype:trojan-activity;sid:84726246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863147)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863147/; classtype:trojan-activity;sid:84726247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863148)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863148/; classtype:trojan-activity;sid:84726248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863149)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863149/; classtype:trojan-activity;sid:84726249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863150)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863150/; classtype:trojan-activity;sid:84726250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863140)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863140/; classtype:trojan-activity;sid:84726240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863141)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863141/; classtype:trojan-activity;sid:84726241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863142)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863142/; classtype:trojan-activity;sid:84726242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863137)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863137/; classtype:trojan-activity;sid:84726237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863138)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863138/; classtype:trojan-activity;sid:84726238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863139)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863139/; classtype:trojan-activity;sid:84726239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.181.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863136/; classtype:trojan-activity;sid:84726236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.169.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863135/; classtype:trojan-activity;sid:84726235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863134)"; flow:established,from_client; content:"GET"; http_method; content:"/80cc8e26-7bc5-4c7d-8101-0a5b92295d09"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"omzuslys.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863134/; classtype:trojan-activity;sid:84726234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863133)"; flow:established,from_client; content:"GET"; http_method; content:"/4d9bf206-4f02-4c29-bf31-3db8e617e484"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yggwvgi.ramzfile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863133/; classtype:trojan-activity;sid:84726233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.138.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863132/; classtype:trojan-activity;sid:84726232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.181.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863131/; classtype:trojan-activity;sid:84726231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863130)"; flow:established,from_client; content:"GET"; http_method; content:"/dc1b3ebf-91df-413b-91ba-1f82af745ae6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"btbwehpkp.drivingbook.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863130/; classtype:trojan-activity;sid:84726230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.169.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863129/; classtype:trojan-activity;sid:84726229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.57.51.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863128/; classtype:trojan-activity;sid:84726228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.9.182"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863127/; classtype:trojan-activity;sid:84726227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863126)"; flow:established,from_client; content:"GET"; http_method; content:"/3f399f2f-2a11-45e1-af84-244e7f064d11"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhrzviveu.downloadquran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863126/; classtype:trojan-activity;sid:84726226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.128.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863125/; classtype:trojan-activity;sid:84726225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863124/; classtype:trojan-activity;sid:84726224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863123)"; flow:established,from_client; content:"GET"; http_method; content:"/1657364a-1956-4cd2-ae36-55e64ae844a6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ieemaju.akhlageslami.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863123/; classtype:trojan-activity;sid:84726223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.138.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863122/; classtype:trojan-activity;sid:84726222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.75.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863121/; classtype:trojan-activity;sid:84726221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863120)"; flow:established,from_client; content:"GET"; http_method; content:"/8bb317e6-773c-4c21-a4fa-c6434ad3269a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zyuhgbux.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863120/; classtype:trojan-activity;sid:84726220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863119/; classtype:trojan-activity;sid:84726219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.137.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863118/; classtype:trojan-activity;sid:84726218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.227.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863117/; classtype:trojan-activity;sid:84726217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.163.134.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863116/; classtype:trojan-activity;sid:84726216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863103)"; flow:established,from_client; content:"GET"; http_method; content:"/7e8a8c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863103/; classtype:trojan-activity;sid:84726203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863104)"; flow:established,from_client; content:"GET"; http_method; content:"/caa275"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863104/; classtype:trojan-activity;sid:84726204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863105)"; flow:established,from_client; content:"GET"; http_method; content:"/906033"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863105/; classtype:trojan-activity;sid:84726205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863106)"; flow:established,from_client; content:"GET"; http_method; content:"/70cc1c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863106/; classtype:trojan-activity;sid:84726206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863107)"; flow:established,from_client; content:"GET"; http_method; content:"/e59d20"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863107/; classtype:trojan-activity;sid:84726207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863108)"; flow:established,from_client; content:"GET"; http_method; content:"/861c97"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863108/; classtype:trojan-activity;sid:84726208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863109)"; flow:established,from_client; content:"GET"; http_method; content:"/d8525d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863109/; classtype:trojan-activity;sid:84726209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863110)"; flow:established,from_client; content:"GET"; http_method; content:"/50c7a6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863110/; classtype:trojan-activity;sid:84726210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863111)"; flow:established,from_client; content:"GET"; http_method; content:"/e44d32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863111/; classtype:trojan-activity;sid:84726211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863112)"; flow:established,from_client; content:"GET"; http_method; content:"/ec5282"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863112/; classtype:trojan-activity;sid:84726212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863113)"; flow:established,from_client; content:"GET"; http_method; content:"/f0e44b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863113/; classtype:trojan-activity;sid:84726213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863114)"; flow:established,from_client; content:"GET"; http_method; content:"/f554e9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863114/; classtype:trojan-activity;sid:84726214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863115)"; flow:established,from_client; content:"GET"; http_method; content:"/0846e8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863115/; classtype:trojan-activity;sid:84726215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863098)"; flow:established,from_client; content:"GET"; http_method; content:"/82b2c0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863098/; classtype:trojan-activity;sid:84726198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863099)"; flow:established,from_client; content:"GET"; http_method; content:"/a8db4d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863099/; classtype:trojan-activity;sid:84726199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863100)"; flow:established,from_client; content:"GET"; http_method; content:"/b0e1c3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863100/; classtype:trojan-activity;sid:84726200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863101)"; flow:established,from_client; content:"GET"; http_method; content:"/4dc442"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863101/; classtype:trojan-activity;sid:84726201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863102)"; flow:established,from_client; content:"GET"; http_method; content:"/54660b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863102/; classtype:trojan-activity;sid:84726202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863097)"; flow:established,from_client; content:"GET"; http_method; content:"/4ab9a6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863097/; classtype:trojan-activity;sid:84726197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863092)"; flow:established,from_client; content:"GET"; http_method; content:"/63cba2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863092/; classtype:trojan-activity;sid:84726192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863093)"; flow:established,from_client; content:"GET"; http_method; content:"/3f5b35"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863093/; classtype:trojan-activity;sid:84726193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863094)"; flow:established,from_client; content:"GET"; http_method; content:"/f01921"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863094/; classtype:trojan-activity;sid:84726194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863095)"; flow:established,from_client; content:"GET"; http_method; content:"/f1cc53"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863095/; classtype:trojan-activity;sid:84726195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863096)"; flow:established,from_client; content:"GET"; http_method; content:"/8715c3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863096/; classtype:trojan-activity;sid:84726196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.75.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863091/; classtype:trojan-activity;sid:84726191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863090/; classtype:trojan-activity;sid:84726190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.137.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863089/; classtype:trojan-activity;sid:84726189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.95.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863088/; classtype:trojan-activity;sid:84726188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863087)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863087/; classtype:trojan-activity;sid:84726187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863086)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_450f56fd01ac5677.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863086/; classtype:trojan-activity;sid:84726186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863085/; classtype:trojan-activity;sid:84726185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863079/; classtype:trojan-activity;sid:84726179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863080)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863080/; classtype:trojan-activity;sid:84726180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863081)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863081/; classtype:trojan-activity;sid:84726181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863082/; classtype:trojan-activity;sid:84726182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863083/; classtype:trojan-activity;sid:84726183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnarmxnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863084/; classtype:trojan-activity;sid:84726184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863078)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863078/; classtype:trojan-activity;sid:84726178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863074)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863074/; classtype:trojan-activity;sid:84726174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"45.13.186.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863075/; classtype:trojan-activity;sid:84726175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863076)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863076/; classtype:trojan-activity;sid:84726176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863077)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"45.137.198.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863077/; classtype:trojan-activity;sid:84726177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863073)"; flow:established,from_client; content:"GET"; http_method; content:"/675c6a3b-4eee-41cd-9e69-f3256043f7f2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fdmjhbre.jamjahani2026.football"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863073/; classtype:trojan-activity;sid:84726173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863072/; classtype:trojan-activity;sid:84726172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863071)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9729fc8e-b337-42c7-b425-00acf0827f4d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"kv5kk9gr.angizeshfarahani.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863071/; classtype:trojan-activity;sid:84726171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863070/; classtype:trojan-activity;sid:84726170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863069)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=548f0853-1276-43aa-a410-7ecb2ee3a629"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"6f4t5lvt.fununetadris.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863069/; classtype:trojan-activity;sid:84726169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.112.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863068/; classtype:trojan-activity;sid:84726168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863067)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d5b9d092-02c5-4598-8b1a-8098648447e2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2chci0sm.andisheeslami2.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863067/; classtype:trojan-activity;sid:84726167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863066)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_95d2c71c3ff1d697.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863066/; classtype:trojan-activity;sid:84726166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.145.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863065/; classtype:trojan-activity;sid:84726165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.51.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863064/; classtype:trojan-activity;sid:84726164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863063)"; flow:established,from_client; content:"GET"; http_method; content:"/c31a92dd-61d7-4147-9c5d-d9c843c39e7b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gimomouf.red90.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863063/; classtype:trojan-activity;sid:84726163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.189.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863062/; classtype:trojan-activity;sid:84726162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.189.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863061/; classtype:trojan-activity;sid:84726161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863060/; classtype:trojan-activity;sid:84726160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863059)"; flow:established,from_client; content:"GET"; http_method; content:"/1f6e771b-8281-4eb5-b608-04641391078f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nnvavkl.bet303.promo"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863059/; classtype:trojan-activity;sid:84726159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.51.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863058/; classtype:trojan-activity;sid:84726158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.239.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863057/; classtype:trojan-activity;sid:84726157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863056)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=a0a85d10-ab10-4afc-99ed-21801fc9bc0d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"p5k42qtw.anodaz.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863056/; classtype:trojan-activity;sid:84726156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.39.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863055/; classtype:trojan-activity;sid:84726155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863054)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_fb3629ad5ff3ae35.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863054/; classtype:trojan-activity;sid:84726154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863053)"; flow:established,from_client; content:"GET"; http_method; content:"/be9cee05-44b4-4661-8e48-7d5b381d51d7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gwofphogw.differentialmamuli.store"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863053/; classtype:trojan-activity;sid:84726153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.77.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863052/; classtype:trojan-activity;sid:84726152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863051)"; flow:established,from_client; content:"GET"; http_method; content:"/847b2847-c44b-48ad-ab00-d245f7e7357d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"whjdetcc.wrfc8.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863051/; classtype:trojan-activity;sid:84726151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863050/; classtype:trojan-activity;sid:84726150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863049)"; flow:established,from_client; content:"GET"; http_method; content:"/e44b2fd8-e901-4483-80be-6b3e50d6b238"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qnjutqs.bet303.app"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863049/; classtype:trojan-activity;sid:84726149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.71.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863048/; classtype:trojan-activity;sid:84726148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863047)"; flow:established,from_client; content:"GET"; http_method; content:"/552618fb-2f2e-4eb0-98b4-cf081f561638"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kwoptitn.restaurantguideaarhus.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863047/; classtype:trojan-activity;sid:84726147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.122.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863046/; classtype:trojan-activity;sid:84726146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863045)"; flow:established,from_client; content:"GET"; http_method; content:"/ca8afdf5-f7f7-4d3f-a73c-fb6e3841160d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yvlenqci.rial.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863045/; classtype:trojan-activity;sid:84726145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.153.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863044/; classtype:trojan-activity;sid:84726144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863043/; classtype:trojan-activity;sid:84726143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.10.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863042/; classtype:trojan-activity;sid:84726142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863041)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f23e8ed9-47b8-409c-99c5-2edaa13aaa46"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"s8a20vxh.gavaedfagahe.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863041/; classtype:trojan-activity;sid:84726141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863040/; classtype:trojan-activity;sid:84726140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863039)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.226.92.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863039/; classtype:trojan-activity;sid:84726139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.72.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863037/; classtype:trojan-activity;sid:84726137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863038/; classtype:trojan-activity;sid:84726138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.38.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863036/; classtype:trojan-activity;sid:84726136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863025)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863025/; classtype:trojan-activity;sid:84726125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863026)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863026/; classtype:trojan-activity;sid:84726126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863027)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863027/; classtype:trojan-activity;sid:84726127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863028)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863028/; classtype:trojan-activity;sid:84726128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863029)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863029/; classtype:trojan-activity;sid:84726129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863030)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863030/; classtype:trojan-activity;sid:84726130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863031)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863031/; classtype:trojan-activity;sid:84726131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863032)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863032/; classtype:trojan-activity;sid:84726132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863033)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863033/; classtype:trojan-activity;sid:84726133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863034)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863034/; classtype:trojan-activity;sid:84726134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863035)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863035/; classtype:trojan-activity;sid:84726135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863024)"; flow:established,from_client; content:"GET"; http_method; content:"/d/8b04319774a917eb/init.sh"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"193.32.162.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863024/; classtype:trojan-activity;sid:84726124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.118.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863023/; classtype:trojan-activity;sid:84726123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863022)"; flow:established,from_client; content:"GET"; http_method; content:"/16020572.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"27.124.40.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863022/; classtype:trojan-activity;sid:84726122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863021)"; flow:established,from_client; content:"GET"; http_method; content:"/monitors.sys"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"27.124.40.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863021/; classtype:trojan-activity;sid:84726121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.31.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863020/; classtype:trojan-activity;sid:84726120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863019)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_iktczd.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863019/; classtype:trojan-activity;sid:84726119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863018)"; flow:established,from_client; content:"GET"; http_method; content:"/img_142806.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gboutros.howto.rocks"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863018/; classtype:trojan-activity;sid:84726118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.180.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863017/; classtype:trojan-activity;sid:84726117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863016)"; flow:established,from_client; content:"GET"; http_method; content:"/e53580b1-8be2-4270-a72d-ffa456000476"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hzvvlqps.mechanicsayalat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863016/; classtype:trojan-activity;sid:84726116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.36.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863015/; classtype:trojan-activity;sid:84726115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.118.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863014/; classtype:trojan-activity;sid:84726114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.243.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863013/; classtype:trojan-activity;sid:84726113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.10.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863012/; classtype:trojan-activity;sid:84726112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863011/; classtype:trojan-activity;sid:84726111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.38.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863010/; classtype:trojan-activity;sid:84726110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.125.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863009/; classtype:trojan-activity;sid:84726109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863008)"; flow:established,from_client; content:"GET"; http_method; content:"/1b7fe9c5-cc6e-4de0-81b8-9bb134e231bf"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"taiquge.lincoplus.xyz"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863008/; classtype:trojan-activity;sid:84726108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863007)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=06e93ab9-e7bc-4762-9821-315e0d727aff"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1v6le0j1.andisheeslami2.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863007/; classtype:trojan-activity;sid:84726107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863006)"; flow:established,from_client; content:"GET"; http_method; content:"/1.d00"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.198.50.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863006/; classtype:trojan-activity;sid:84726106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863005)"; flow:established,from_client; content:"GET"; http_method; content:"/dusbng.res"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"154.198.50.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863005/; classtype:trojan-activity;sid:84726105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863003)"; flow:established,from_client; content:"GET"; http_method; content:"/1.1x1"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.198.50.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863003/; classtype:trojan-activity;sid:84726103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863004)"; flow:established,from_client; content:"GET"; http_method; content:"/dlters.xm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.198.50.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863004/; classtype:trojan-activity;sid:84726104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.9.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863002/; classtype:trojan-activity;sid:84726102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863001)"; flow:established,from_client; content:"GET"; http_method; content:"/329611a7-2f4b-4184-948a-d9fde841a071"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"njwjijvlf.differentialkerayechiyan.store"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863001/; classtype:trojan-activity;sid:84726101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3863000)"; flow:established,from_client; content:"GET"; http_method; content:"/9b318386-ba10-43fb-9a9e-31da74b70867"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tqwyxfee.mechanickhodakarami.shop"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3863000/; classtype:trojan-activity;sid:84726100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.165.125.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862999/; classtype:trojan-activity;sid:84726099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.183.47.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862998/; classtype:trojan-activity;sid:84726098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862996)"; flow:established,from_client; content:"GET"; http_method; content:"/phf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862996/; classtype:trojan-activity;sid:84726096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862997)"; flow:established,from_client; content:"GET"; http_method; content:"/6blp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862997/; classtype:trojan-activity;sid:84726097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862992)"; flow:established,from_client; content:"GET"; http_method; content:"/devy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862992/; classtype:trojan-activity;sid:84726092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862993)"; flow:established,from_client; content:"GET"; http_method; content:"/ldpg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862993/; classtype:trojan-activity;sid:84726093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862994)"; flow:established,from_client; content:"GET"; http_method; content:"/xdd5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862994/; classtype:trojan-activity;sid:84726094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862995)"; flow:established,from_client; content:"GET"; http_method; content:"/mffg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862995/; classtype:trojan-activity;sid:84726095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862990)"; flow:established,from_client; content:"GET"; http_method; content:"/ocju"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862990/; classtype:trojan-activity;sid:84726090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862991)"; flow:established,from_client; content:"GET"; http_method; content:"/u5h1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862991/; classtype:trojan-activity;sid:84726091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862988)"; flow:established,from_client; content:"GET"; http_method; content:"/olc7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862988/; classtype:trojan-activity;sid:84726088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862989)"; flow:established,from_client; content:"GET"; http_method; content:"/ouf8"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862989/; classtype:trojan-activity;sid:84726089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862987)"; flow:established,from_client; content:"GET"; http_method; content:"/lfg"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862987/; classtype:trojan-activity;sid:84726087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862984)"; flow:established,from_client; content:"GET"; http_method; content:"/onsn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862984/; classtype:trojan-activity;sid:84726084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862985)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.m65k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862985/; classtype:trojan-activity;sid:84726085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862986)"; flow:established,from_client; content:"GET"; http_method; content:"/ylc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862986/; classtype:trojan-activity;sid:84726086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862983)"; flow:established,from_client; content:"GET"; http_method; content:"/h1fo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862983/; classtype:trojan-activity;sid:84726083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862982)"; flow:established,from_client; content:"GET"; http_method; content:"/9fu"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862982/; classtype:trojan-activity;sid:84726082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862977)"; flow:established,from_client; content:"GET"; http_method; content:"/meze"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862977/; classtype:trojan-activity;sid:84726077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862978)"; flow:established,from_client; content:"GET"; http_method; content:"/mok0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862978/; classtype:trojan-activity;sid:84726078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862979)"; flow:established,from_client; content:"GET"; http_method; content:"/2dca37"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862979/; classtype:trojan-activity;sid:84726079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862980)"; flow:established,from_client; content:"GET"; http_method; content:"/5bc63b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862980/; classtype:trojan-activity;sid:84726080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862981)"; flow:established,from_client; content:"GET"; http_method; content:"/ed58c3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862981/; classtype:trojan-activity;sid:84726081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862970)"; flow:established,from_client; content:"GET"; http_method; content:"/q2mt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862970/; classtype:trojan-activity;sid:84726070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862971)"; flow:established,from_client; content:"GET"; http_method; content:"/8e8625"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862971/; classtype:trojan-activity;sid:84726071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862972)"; flow:established,from_client; content:"GET"; http_method; content:"/fd832a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862972/; classtype:trojan-activity;sid:84726072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862973)"; flow:established,from_client; content:"GET"; http_method; content:"/6cd3af"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862973/; classtype:trojan-activity;sid:84726073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862974)"; flow:established,from_client; content:"GET"; http_method; content:"/f080e1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862974/; classtype:trojan-activity;sid:84726074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862975)"; flow:established,from_client; content:"GET"; http_method; content:"/3aa259"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862975/; classtype:trojan-activity;sid:84726075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862976)"; flow:established,from_client; content:"GET"; http_method; content:"/2be1a2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862976/; classtype:trojan-activity;sid:84726076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862968)"; flow:established,from_client; content:"GET"; http_method; content:"/ygn7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862968/; classtype:trojan-activity;sid:84726068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862969)"; flow:established,from_client; content:"GET"; http_method; content:"/qaxx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862969/; classtype:trojan-activity;sid:84726069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862964)"; flow:established,from_client; content:"GET"; http_method; content:"/tvh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862964/; classtype:trojan-activity;sid:84726064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862965)"; flow:established,from_client; content:"GET"; http_method; content:"/2ph4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862965/; classtype:trojan-activity;sid:84726065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862966)"; flow:established,from_client; content:"GET"; http_method; content:"/e7fb51"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862966/; classtype:trojan-activity;sid:84726066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862967)"; flow:established,from_client; content:"GET"; http_method; content:"/oqc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862967/; classtype:trojan-activity;sid:84726067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862962)"; flow:established,from_client; content:"GET"; http_method; content:"/3caeb1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862962/; classtype:trojan-activity;sid:84726062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862963)"; flow:established,from_client; content:"GET"; http_method; content:"/fdv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862963/; classtype:trojan-activity;sid:84726063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862955)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.pcc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862955/; classtype:trojan-activity;sid:84726055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862956)"; flow:established,from_client; content:"GET"; http_method; content:"/c229bf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862956/; classtype:trojan-activity;sid:84726056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862957)"; flow:established,from_client; content:"GET"; http_method; content:"/7ea409"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862957/; classtype:trojan-activity;sid:84726057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862958)"; flow:established,from_client; content:"GET"; http_method; content:"/909fd4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862958/; classtype:trojan-activity;sid:84726058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862959)"; flow:established,from_client; content:"GET"; http_method; content:"/309e07"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862959/; classtype:trojan-activity;sid:84726059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862960)"; flow:established,from_client; content:"GET"; http_method; content:"/d1489d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862960/; classtype:trojan-activity;sid:84726060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862961)"; flow:established,from_client; content:"GET"; http_method; content:"/b77984"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862961/; classtype:trojan-activity;sid:84726061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862949)"; flow:established,from_client; content:"GET"; http_method; content:"/60c20d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862949/; classtype:trojan-activity;sid:84726049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862950)"; flow:established,from_client; content:"GET"; http_method; content:"/2f3ab1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862950/; classtype:trojan-activity;sid:84726050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862951)"; flow:established,from_client; content:"GET"; http_method; content:"/690be1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862951/; classtype:trojan-activity;sid:84726051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862952)"; flow:established,from_client; content:"GET"; http_method; content:"/5f0b1f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862952/; classtype:trojan-activity;sid:84726052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862953)"; flow:established,from_client; content:"GET"; http_method; content:"/53814e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862953/; classtype:trojan-activity;sid:84726053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862954)"; flow:established,from_client; content:"GET"; http_method; content:"/003259"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862954/; classtype:trojan-activity;sid:84726054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862936)"; flow:established,from_client; content:"GET"; http_method; content:"/7e4e10"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862936/; classtype:trojan-activity;sid:84726036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862937)"; flow:established,from_client; content:"GET"; http_method; content:"/774b97"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862937/; classtype:trojan-activity;sid:84726037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862938)"; flow:established,from_client; content:"GET"; http_method; content:"/471d97"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862938/; classtype:trojan-activity;sid:84726038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862939)"; flow:established,from_client; content:"GET"; http_method; content:"/1b57db"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862939/; classtype:trojan-activity;sid:84726039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862940)"; flow:established,from_client; content:"GET"; http_method; content:"/70e6c0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862940/; classtype:trojan-activity;sid:84726040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862941)"; flow:established,from_client; content:"GET"; http_method; content:"/e29dea"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862941/; classtype:trojan-activity;sid:84726041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862942)"; flow:established,from_client; content:"GET"; http_method; content:"/8be722"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862942/; classtype:trojan-activity;sid:84726042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862943)"; flow:established,from_client; content:"GET"; http_method; content:"/58a8ee"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862943/; classtype:trojan-activity;sid:84726043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862944)"; flow:established,from_client; content:"GET"; http_method; content:"/0379ad"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862944/; classtype:trojan-activity;sid:84726044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862945)"; flow:established,from_client; content:"GET"; http_method; content:"/8c085b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862945/; classtype:trojan-activity;sid:84726045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862946)"; flow:established,from_client; content:"GET"; http_method; content:"/f57bc8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862946/; classtype:trojan-activity;sid:84726046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862947)"; flow:established,from_client; content:"GET"; http_method; content:"/fd6142"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862947/; classtype:trojan-activity;sid:84726047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862948)"; flow:established,from_client; content:"GET"; http_method; content:"/1cbafd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862948/; classtype:trojan-activity;sid:84726048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862935)"; flow:established,from_client; content:"GET"; http_method; content:"/147738e5-b1f9-4558-b2de-4121df6ea8ce"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"slojemw.leaguejazire.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862935/; classtype:trojan-activity;sid:84726035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.9.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862934/; classtype:trojan-activity;sid:84726034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.183.47.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862933/; classtype:trojan-activity;sid:84726033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.176.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862932/; classtype:trojan-activity;sid:84726032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862931)"; flow:established,from_client; content:"GET"; http_method; content:"/a21cbc8f-bc4d-4bcb-b758-5b14552d23d8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kuonnjkj.masirpayambari.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862931/; classtype:trojan-activity;sid:84726031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"138.124.123.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862929/; classtype:trojan-activity;sid:84726029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.112.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862930/; classtype:trojan-activity;sid:84726030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"138.124.123.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862928/; classtype:trojan-activity;sid:84726028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.158.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862927/; classtype:trojan-activity;sid:84726027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862926)"; flow:established,from_client; content:"GET"; http_method; content:"/pm/nova@trimnt.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"173.249.202.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862926/; classtype:trojan-activity;sid:84726026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.59.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862925/; classtype:trojan-activity;sid:84726025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862924)"; flow:established,from_client; content:"GET"; http_method; content:"/e758f631-9fed-4513-98c3-29e2e0309139"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rlsrlwb.karbordriyaziyat.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862924/; classtype:trojan-activity;sid:84726024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.234.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862922/; classtype:trojan-activity;sid:84726022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862921)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f5df9931-9242-43f8-8d34-fee161dbb622"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"4piqgfum.garatequran.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862921/; classtype:trojan-activity;sid:84726021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862920)"; flow:established,from_client; content:"GET"; http_method; content:"/57/goodthingsformebetterforme.hta"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"192.227.219.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862920/; classtype:trojan-activity;sid:84726020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862919)"; flow:established,from_client; content:"GET"; http_method; content:"/57/img_180418.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.227.219.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862919/; classtype:trojan-activity;sid:84726019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.158.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862918/; classtype:trojan-activity;sid:84726018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.176.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862917/; classtype:trojan-activity;sid:84726017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862916)"; flow:established,from_client; content:"GET"; http_method; content:"/view.php|3f|.pdf"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"1029304.loclx.io"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862916/; classtype:trojan-activity;sid:84726016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862915)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.59.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862915/; classtype:trojan-activity;sid:84726015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862914)"; flow:established,from_client; content:"GET"; http_method; content:"/5677e4a6-24e5-4238-8bc7-6aa57fce17e9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"akhixcvw.masaelmohandesi.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862914/; classtype:trojan-activity;sid:84726014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862913)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/fonts/d.php|3f|f=katyusha2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"ibcosociety.com.sa"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862913/; classtype:trojan-activity;sid:84726013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.20.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862912/; classtype:trojan-activity;sid:84726012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862911)"; flow:established,from_client; content:"GET"; http_method; content:"/4f027f16-2260-4970-8489-294891ab6a32"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qlvwxer.karafarini.shop"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862911/; classtype:trojan-activity;sid:84726011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.237.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862910/; classtype:trojan-activity;sid:84726010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862909)"; flow:established,from_client; content:"GET"; http_method; content:"/144.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"scaleyou.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862909/; classtype:trojan-activity;sid:84726009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862908)"; flow:established,from_client; content:"GET"; http_method; content:"/3.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"scaleyou.com.br"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862908/; classtype:trojan-activity;sid:84726008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862907/; classtype:trojan-activity;sid:84726007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.74.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862905/; classtype:trojan-activity;sid:84726005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.128.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862906/; classtype:trojan-activity;sid:84726006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862904)"; flow:established,from_client; content:"GET"; http_method; content:"/7d86bf40-0f2f-4096-939e-9be2ef877dee"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ifvtbgbf.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862904/; classtype:trojan-activity;sid:84726004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862903)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0a4007bd-f3ce-43f0-8bcf-ae0a0c616f42"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ldmmsp6b.angizeshfarahani.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862903/; classtype:trojan-activity;sid:84726003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862902)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_37b904483beaa60e.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862902/; classtype:trojan-activity;sid:84726002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862901)"; flow:established,from_client; content:"GET"; http_method; content:"/447b2901-eb9b-40a5-9332-89f3a42c5207"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dmwncnnnp.defamogadas.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862901/; classtype:trojan-activity;sid:84726001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.237.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862899/; classtype:trojan-activity;sid:84725999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.180.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862900/; classtype:trojan-activity;sid:84726000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862898)"; flow:established,from_client; content:"GET"; http_method; content:"/3d331bf9-0f79-4181-bba2-5dc9b2aa8a6c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bcwkesayq.defamogadas.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862898/; classtype:trojan-activity;sid:84725998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862897)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_84c11a4df62a17e9.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862897/; classtype:trojan-activity;sid:84725997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862896)"; flow:established,from_client; content:"GET"; http_method; content:"/a5480e34-7790-4b3b-8e8f-0d9d9f315492"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lkrugvhg.maharatmodiran.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862896/; classtype:trojan-activity;sid:84725996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.23.139.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862894/; classtype:trojan-activity;sid:84725994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.74.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862895/; classtype:trojan-activity;sid:84725995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862889)"; flow:established,from_client; content:"GET"; http_method; content:"/xdaqrkamfyzgowe.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"pub-56fcfc5f11f04341a91be50cb1de6a47.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862889/; classtype:trojan-activity;sid:84725989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862890)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|file=app.apk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.littleprincesstours.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862890/; classtype:trojan-activity;sid:84725990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862891)"; flow:established,from_client; content:"GET"; http_method; content:"/bebelo/jfttiwsmshalvieochkzbhn203.bin"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"sydneyaffordablecremations.com.au"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862891/; classtype:trojan-activity;sid:84725991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862888)"; flow:established,from_client; content:"GET"; http_method; content:"/d7e0|3f|download_token=56c6150a8910ce6e9060e38ac3662ba6cafba7e87b25de9db6b3594e30ea4c2b"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"bedrive.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862888/; classtype:trojan-activity;sid:84725988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862885)"; flow:established,from_client; content:"GET"; http_method; content:"/kkk.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862885/; classtype:trojan-activity;sid:84725985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862886)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/asusrt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862886/; classtype:trojan-activity;sid:84725986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862887)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862887/; classtype:trojan-activity;sid:84725987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862883)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862883/; classtype:trojan-activity;sid:84725983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862884)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862884/; classtype:trojan-activity;sid:84725984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862882)"; flow:established,from_client; content:"GET"; http_method; content:"/2c58a06d-5872-4c0e-a13f-999d366b463b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fzrflqf.amoozeshagazade.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862882/; classtype:trojan-activity;sid:84725982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862881)"; flow:established,from_client; content:"GET"; http_method; content:"/d649e220-94ad-4e3e-8d30-3141d510f59b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rjwfiwgjr.defamogadas.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862881/; classtype:trojan-activity;sid:84725981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.8.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862880/; classtype:trojan-activity;sid:84725980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862879)"; flow:established,from_client; content:"GET"; http_method; content:"/script.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"aetherframework.digital"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862879/; classtype:trojan-activity;sid:84725979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.23.139.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862878/; classtype:trojan-activity;sid:84725978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862876)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=50171ea8-3e76-41af-b2e8-84c152e18979"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1cihg2b5.anodaz.vip"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862876/; classtype:trojan-activity;sid:84725976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862877)"; flow:established,from_client; content:"GET"; http_method; content:"/5bd40d88-0c5e-478c-9753-3e877905a8e0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mocauhxe.mabanishimi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862877/; classtype:trojan-activity;sid:84725977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.8.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862875/; classtype:trojan-activity;sid:84725975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862874)"; flow:established,from_client; content:"GET"; http_method; content:"/13e33441-5d5f-40f0-a159-333cff5e21d3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"iznukhb.hesabdari2.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862874/; classtype:trojan-activity;sid:84725974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.96.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862873/; classtype:trojan-activity;sid:84725973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862872)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8fa6cda4-73a4-4f89-8dc5-01df568f4daf"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"zo4t1q36.moarefeslami.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862872/; classtype:trojan-activity;sid:84725972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.90.192.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862871/; classtype:trojan-activity;sid:84725971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.143.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862870/; classtype:trojan-activity;sid:84725970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862869)"; flow:established,from_client; content:"GET"; http_method; content:"/8c3bdf2f-2503-499f-a36e-311b3ac8b796"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"chamcmlu.jamjahani.football"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862869/; classtype:trojan-activity;sid:84725969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.2.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862868/; classtype:trojan-activity;sid:84725968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.41.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862867/; classtype:trojan-activity;sid:84725967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862866)"; flow:established,from_client; content:"GET"; http_method; content:"/166436ad-0a7e-45c4-84a8-477b6dc8e43f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bnxtprw.hesabdarieskandari.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862866/; classtype:trojan-activity;sid:84725966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862865/; classtype:trojan-activity;sid:84725965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862864)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dacad267-6321-4089-a5bf-2fa5ceabd0c0"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"m2bu2yf9.ansuyemarg.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862864/; classtype:trojan-activity;sid:84725964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862863)"; flow:established,from_client; content:"GET"; http_method; content:"/535c6fa6-75b3-4d82-873c-eb6088e557d7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kpeahfhd.rial.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862863/; classtype:trojan-activity;sid:84725963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.91.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862862/; classtype:trojan-activity;sid:84725962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862861)"; flow:established,from_client; content:"GET"; http_method; content:"/469f8c81-4398-4789-9070-e3c03bcc5684"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"verccbf.hesabdarinoravesh.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862861/; classtype:trojan-activity;sid:84725961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.113.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862860/; classtype:trojan-activity;sid:84725960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862859)"; flow:established,from_client; content:"GET"; http_method; content:"/0dfef398-6be9-4dc1-8231-f9e6a3f4000b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bgdfvnukx.darsnamejame.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862859/; classtype:trojan-activity;sid:84725959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862858/; classtype:trojan-activity;sid:84725958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862857/; classtype:trojan-activity;sid:84725957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862856)"; flow:established,from_client; content:"GET"; http_method; content:"/b6abc696-cf5a-403a-a461-729e05294143"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wkgrduot.restaurantguideaarhus.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862856/; classtype:trojan-activity;sid:84725956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.138.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862855/; classtype:trojan-activity;sid:84725955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.113.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862854/; classtype:trojan-activity;sid:84725954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.189.203.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862853/; classtype:trojan-activity;sid:84725953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862852)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862852/; classtype:trojan-activity;sid:84725952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862851)"; flow:established,from_client; content:"GET"; http_method; content:"/003331bb-e12e-4b7a-8004-44c2af6cab0c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gpbvnrp.hesabdariosmani.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862851/; classtype:trojan-activity;sid:84725951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862848)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862848/; classtype:trojan-activity;sid:84725948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862849)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862849/; classtype:trojan-activity;sid:84725949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862850)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862850/; classtype:trojan-activity;sid:84725950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862846)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862846/; classtype:trojan-activity;sid:84725946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862847)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862847/; classtype:trojan-activity;sid:84725947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862844)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862844/; classtype:trojan-activity;sid:84725944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862845)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862845/; classtype:trojan-activity;sid:84725945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862838)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862838/; classtype:trojan-activity;sid:84725938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862839)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862839/; classtype:trojan-activity;sid:84725939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862840)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862840/; classtype:trojan-activity;sid:84725940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862841)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862841/; classtype:trojan-activity;sid:84725941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862842)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862842/; classtype:trojan-activity;sid:84725942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862843)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862843/; classtype:trojan-activity;sid:84725943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862829)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862829/; classtype:trojan-activity;sid:84725929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862830)"; flow:established,from_client; content:"GET"; http_method; content:"/cia.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862830/; classtype:trojan-activity;sid:84725930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862831)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862831/; classtype:trojan-activity;sid:84725931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862832)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862832/; classtype:trojan-activity;sid:84725932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862833)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862833/; classtype:trojan-activity;sid:84725933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862834)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862834/; classtype:trojan-activity;sid:84725934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862835)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862835/; classtype:trojan-activity;sid:84725935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862836)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862836/; classtype:trojan-activity;sid:84725936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862837)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vps36563.maxko-hosting.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862837/; classtype:trojan-activity;sid:84725937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862826)"; flow:established,from_client; content:"GET"; http_method; content:"/cia.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862826/; classtype:trojan-activity;sid:84725926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862827)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862827/; classtype:trojan-activity;sid:84725927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862828)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.40.127.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862828/; classtype:trojan-activity;sid:84725928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862825)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3a22839b-00c2-4e26-ab3f-045e79c2c068"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xnvdto36.ganuneasasi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862825/; classtype:trojan-activity;sid:84725925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862824/; classtype:trojan-activity;sid:84725924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.247.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862823/; classtype:trojan-activity;sid:84725923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862822)"; flow:established,from_client; content:"GET"; http_method; content:"/0407c3be-3de0-448c-b909-1ceadc447ff0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lwywtkki.winxbet.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862822/; classtype:trojan-activity;sid:84725922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862821/; classtype:trojan-activity;sid:84725921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.176.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862820/; classtype:trojan-activity;sid:84725920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862819)"; flow:established,from_client; content:"GET"; http_method; content:"/like/forreal/nigger.sh"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"theordernetwork.qzz.io"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862819/; classtype:trojan-activity;sid:84725919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862818)"; flow:established,from_client; content:"GET"; http_method; content:"/3363275c-1462-4777-b6de-7e5d86004b47"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ewnwfae.hesabdaripishrafte.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862818/; classtype:trojan-activity;sid:84725918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.77.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862817/; classtype:trojan-activity;sid:84725917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862816)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.155.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862816/; classtype:trojan-activity;sid:84725916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.221.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862815/; classtype:trojan-activity;sid:84725915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862814)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=27e72384-1c6b-4aa6-8f8d-987a10d56df3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"cxwqtlc8.asibshenasiyahya.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862814/; classtype:trojan-activity;sid:84725914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.153.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862813/; classtype:trojan-activity;sid:84725913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.85.111.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862812/; classtype:trojan-activity;sid:84725912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862811)"; flow:established,from_client; content:"GET"; http_method; content:"/015eb0df-75e4-405a-9338-1b85fe160be3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"viypaevf.wrfc8.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862811/; classtype:trojan-activity;sid:84725911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862810)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.39.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862810/; classtype:trojan-activity;sid:84725910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.79.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862809/; classtype:trojan-activity;sid:84725909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862808/; classtype:trojan-activity;sid:84725908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862807)"; flow:established,from_client; content:"GET"; http_method; content:"/996bbf24-aced-4517-a0e2-c14bd065c6aa"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"iqduira.akhlagvaahkam.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862807/; classtype:trojan-activity;sid:84725907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.77.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862806/; classtype:trojan-activity;sid:84725906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862805)"; flow:established,from_client; content:"GET"; http_method; content:"/f59e91c0-f1e8-4cdd-9489-648314625e8c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mvwrgylee.danestanihavarzeshi.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862805/; classtype:trojan-activity;sid:84725905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862804)"; flow:established,from_client; content:"GET"; http_method; content:"/0e521201-3503-40a5-9b31-907edd9b1e02"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"aolbzrji.red90.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862804/; classtype:trojan-activity;sid:84725904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.77.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862803/; classtype:trojan-activity;sid:84725903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862802)"; flow:established,from_client; content:"GET"; http_method; content:"/e8072307-699d-479a-b4d8-199582ee7792"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sdlclrs.akhlageslami.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862802/; classtype:trojan-activity;sid:84725902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.79.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862801/; classtype:trojan-activity;sid:84725901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.249.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862800/; classtype:trojan-activity;sid:84725900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862799)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5fa27a5d-774d-439b-92c3-641123e86093"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8h9b5pgo.garatequran.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862799/; classtype:trojan-activity;sid:84725899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.167.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862798/; classtype:trojan-activity;sid:84725898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.51.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862797/; classtype:trojan-activity;sid:84725897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862796/; classtype:trojan-activity;sid:84725896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.225.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862795/; classtype:trojan-activity;sid:84725895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862794)"; flow:established,from_client; content:"GET"; http_method; content:"/eaafea33-00a7-4ed3-ad29-ddbe9349d2de"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xweepogg.jamjahani2026.football"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862794/; classtype:trojan-activity;sid:84725894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.42.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862793/; classtype:trojan-activity;sid:84725893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.65.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862792/; classtype:trojan-activity;sid:84725892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862791/; classtype:trojan-activity;sid:84725891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862790/; classtype:trojan-activity;sid:84725890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.178.5.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_11; reference:url, urlhaus.abuse.ch/url/3862789/; classtype:trojan-activity;sid:84725889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.133.65.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862788/; classtype:trojan-activity;sid:84725888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.162.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862786/; classtype:trojan-activity;sid:84725886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862787/; classtype:trojan-activity;sid:84725887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862785/; classtype:trojan-activity;sid:84725885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.51.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862784/; classtype:trojan-activity;sid:84725884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862783)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1aa243f2-53f4-42f8-b8bd-b4b7550c4e05"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rn0mptxh.anodaz.tv"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862783/; classtype:trojan-activity;sid:84725883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862782)"; flow:established,from_client; content:"GET"; http_method; content:"/35b3877f-263c-47fa-b6bd-3b4a8b10eb4e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yhtdzkc.akhlagheslami.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862782/; classtype:trojan-activity;sid:84725882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862781)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8d110c04-d09d-4ae2-8dac-e6d79e94a613"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"v4qu8nnt.azmoondadrasi.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862781/; classtype:trojan-activity;sid:84725881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862780)"; flow:established,from_client; content:"GET"; http_method; content:"/f7e53717-7e43-4a17-97ad-4f4682d0c1bd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"twvrjjcu.hugugtejarat4.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862780/; classtype:trojan-activity;sid:84725880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"69.178.5.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862779/; classtype:trojan-activity;sid:84725879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862778/; classtype:trojan-activity;sid:84725878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.102.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862777/; classtype:trojan-activity;sid:84725877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.133.65.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862776/; classtype:trojan-activity;sid:84725876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.146.92.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862775/; classtype:trojan-activity;sid:84725875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.31.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862774/; classtype:trojan-activity;sid:84725874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862772)"; flow:established,from_client; content:"GET"; http_method; content:"/files/881715592/opcteft.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862772/; classtype:trojan-activity;sid:84725872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862773)"; flow:established,from_client; content:"GET"; http_method; content:"/39151b85-25d5-4ed9-a3b9-b3c3dd14dd7f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sdkymow.amoozeshtagipour.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862773/; classtype:trojan-activity;sid:84725873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862771)"; flow:established,from_client; content:"GET"; http_method; content:"/ce10fd15-5483-464e-b530-a4c07d7990d7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gynclfjtx.daneshkhanevade.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862771/; classtype:trojan-activity;sid:84725871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862770)"; flow:established,from_client; content:"GET"; http_method; content:"/a8e9b327-badd-4c07-8566-8adfa7b10843"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zntknawd.hugugtatbigi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862770/; classtype:trojan-activity;sid:84725870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.255.239.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862769/; classtype:trojan-activity;sid:84725869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.239.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862768/; classtype:trojan-activity;sid:84725868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.116.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862767/; classtype:trojan-activity;sid:84725867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862766)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/xd.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862766/; classtype:trojan-activity;sid:84725866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.195.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862765/; classtype:trojan-activity;sid:84725865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.102.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862764/; classtype:trojan-activity;sid:84725864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862763)"; flow:established,from_client; content:"GET"; http_method; content:"/16414a28-5fc2-4d99-adab-a46560e53b89"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cxhsipt.honarrang.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862763/; classtype:trojan-activity;sid:84725863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862762)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b12c1a52-db18-49ab-8217-2701a19e0854"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"181xlt4g.gavaedfagahe.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862762/; classtype:trojan-activity;sid:84725862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862761)"; flow:established,from_client; content:"GET"; http_method; content:"/c0d5838e-9bd3-4bf3-8e13-9428022b1453"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"agiqsfnr.hugugnasiri.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862761/; classtype:trojan-activity;sid:84725861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.238.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862760/; classtype:trojan-activity;sid:84725860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.90.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862759/; classtype:trojan-activity;sid:84725859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862758)"; flow:established,from_client; content:"GET"; http_method; content:"/10x06x2026_x32.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862758/; classtype:trojan-activity;sid:84725858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.79.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862757/; classtype:trojan-activity;sid:84725857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862756)"; flow:established,from_client; content:"GET"; http_method; content:"/10x06x2026_x64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862756/; classtype:trojan-activity;sid:84725856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862755)"; flow:established,from_client; content:"GET"; http_method; content:"/sprd.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862755/; classtype:trojan-activity;sid:84725855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862754)"; flow:established,from_client; content:"GET"; http_method; content:"/902ef6d2-2fd0-45d0-9574-f8926262a7ac"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ttsnmsv.honareslami.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862754/; classtype:trojan-activity;sid:84725854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862753/; classtype:trojan-activity;sid:84725853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.90.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862752/; classtype:trojan-activity;sid:84725852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862751)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2fc13a1c-3120-41d7-8aaa-45c506a491cd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jqfg2zyi.ehtemalatvaamar.xyz"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862751/; classtype:trojan-activity;sid:84725851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862750)"; flow:established,from_client; content:"GET"; http_method; content:"/b28baf5d-a4b0-4084-a307-343ef10cbca8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lkbctabw.hugugmadanikatouzian.xyz"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862750/; classtype:trojan-activity;sid:84725850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.139.27.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862749/; classtype:trojan-activity;sid:84725849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862748/; classtype:trojan-activity;sid:84725848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.11.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862747/; classtype:trojan-activity;sid:84725847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862746/; classtype:trojan-activity;sid:84725846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862745/; classtype:trojan-activity;sid:84725845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.202.65.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862744/; classtype:trojan-activity;sid:84725844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862743)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862743/; classtype:trojan-activity;sid:84725843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862742)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"142.93.165.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862742/; classtype:trojan-activity;sid:84725842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.11.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862741/; classtype:trojan-activity;sid:84725841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862740)"; flow:established,from_client; content:"GET"; http_method; content:"/b615135a-ea97-47f1-8203-f663721185e9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kfahpou.honardartarikh.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862740/; classtype:trojan-activity;sid:84725840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.139.27.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862739/; classtype:trojan-activity;sid:84725839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.151.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862738/; classtype:trojan-activity;sid:84725838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862728)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862728/; classtype:trojan-activity;sid:84725828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862729)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862729/; classtype:trojan-activity;sid:84725829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862730)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862730/; classtype:trojan-activity;sid:84725830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862731)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862731/; classtype:trojan-activity;sid:84725831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862732)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862732/; classtype:trojan-activity;sid:84725832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862733)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/sex.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862733/; classtype:trojan-activity;sid:84725833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862734)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.arm7"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862734/; classtype:trojan-activity;sid:84725834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862735)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862735/; classtype:trojan-activity;sid:84725835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862736)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862736/; classtype:trojan-activity;sid:84725836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862737)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862737/; classtype:trojan-activity;sid:84725837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862726)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/o.xml"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862726/; classtype:trojan-activity;sid:84725826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862727)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"vs30445.par01fr.vsys.cloud"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862727/; classtype:trojan-activity;sid:84725827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862724)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862724/; classtype:trojan-activity;sid:84725824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862725)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/kwari.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.234.100.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862725/; classtype:trojan-activity;sid:84725825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862723)"; flow:established,from_client; content:"GET"; http_method; content:"/binary/o.xml"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vs30445.par01fr.vsys.cloud"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862723/; classtype:trojan-activity;sid:84725823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862722)"; flow:established,from_client; content:"GET"; http_method; content:"/b809f6b7-adb0-44ca-a518-97289a5dea36"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kuwwcojw.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862722/; classtype:trojan-activity;sid:84725822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.251.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862721/; classtype:trojan-activity;sid:84725821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.65.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862720/; classtype:trojan-activity;sid:84725820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862719)"; flow:established,from_client; content:"GET"; http_method; content:"/714306f1-8567-4361-b110-6eca0e6efd8e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"snvgupcvn.bookkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862719/; classtype:trojan-activity;sid:84725819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862718)"; flow:established,from_client; content:"GET"; http_method; content:"/e2bbe70d-c19d-4a3d-b9be-cdda5eeecdc6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mojzkvtc.hugugmadani6.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862718/; classtype:trojan-activity;sid:84725818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.122.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862717/; classtype:trojan-activity;sid:84725817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.151.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862716/; classtype:trojan-activity;sid:84725816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.76.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862715/; classtype:trojan-activity;sid:84725815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862714)"; flow:established,from_client; content:"GET"; http_method; content:"/5fcb8512-5ed3-40a5-91f5-c28f0be4dfa6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wswgllp.honarcinema.online"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862714/; classtype:trojan-activity;sid:84725814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.254.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862713/; classtype:trojan-activity;sid:84725813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862712)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6f727837-7f05-48aa-a335-d6563bde504e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"b57agvqn.azmoonhayeravani.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862712/; classtype:trojan-activity;sid:84725812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862711)"; flow:established,from_client; content:"GET"; http_method; content:"/a906dc3d-f9d2-48cc-aeec-4f8307650081"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cwwviitu.hugugmadani3.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862711/; classtype:trojan-activity;sid:84725811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862710)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5e068018-bbfe-4f52-872f-cb4642a75c53"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"w2hnzhub.fununetadris.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862710/; classtype:trojan-activity;sid:84725810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.76.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862708/; classtype:trojan-activity;sid:84725808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.122.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862709/; classtype:trojan-activity;sid:84725809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862707/; classtype:trojan-activity;sid:84725807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.216.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862706/; classtype:trojan-activity;sid:84725806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.136.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862705/; classtype:trojan-activity;sid:84725805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862704)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7eca67ba-695e-4cf4-af69-7a4e4f8e1d58"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8t4ow8gc.azmoonhayeravani.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862704/; classtype:trojan-activity;sid:84725804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.61.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862702/; classtype:trojan-activity;sid:84725802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.254.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862703/; classtype:trojan-activity;sid:84725803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862701)"; flow:established,from_client; content:"GET"; http_method; content:"/35d22aeb-8409-4429-a5b9-afc42052e503"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vbpfixp.hesabdarishabahang.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862701/; classtype:trojan-activity;sid:84725801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.238.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862700/; classtype:trojan-activity;sid:84725800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.40.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862699/; classtype:trojan-activity;sid:84725799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862698)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bc5bf125-7ddd-4912-aae8-685cdf0e7dc9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"a6g6ikpn.geotechnictahuni.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862698/; classtype:trojan-activity;sid:84725798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862697)"; flow:established,from_client; content:"GET"; http_method; content:"/f588b670-4412-4718-b70f-bb7921c5c0a8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"egtxaxxwy.bookkade.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862697/; classtype:trojan-activity;sid:84725797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.216.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862696/; classtype:trojan-activity;sid:84725796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862695)"; flow:established,from_client; content:"GET"; http_method; content:"/792a9478-64fd-496b-bffa-d67ac81c9fb2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vbjnuyvt.hugugedari.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862695/; classtype:trojan-activity;sid:84725795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.108.240.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862693/; classtype:trojan-activity;sid:84725793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.108.240.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862694/; classtype:trojan-activity;sid:84725794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862692)"; flow:established,from_client; content:"GET"; http_method; content:"/9baf1d78-abc2-439c-a680-07cc64ad5fd4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uywdaxpat.bookdrive.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862692/; classtype:trojan-activity;sid:84725792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862691)"; flow:established,from_client; content:"GET"; http_method; content:"/f7d5c21d-6149-453b-b749-25f8e059240c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mdsbgax.hesabdaripishrafte.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862691/; classtype:trojan-activity;sid:84725791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.46.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862690/; classtype:trojan-activity;sid:84725790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.136.137.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862689/; classtype:trojan-activity;sid:84725789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862688)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e2e6b3e3-bb6e-40f4-a31d-d32e6e43f8be"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"uxl15txz.azmoondadrasi.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862688/; classtype:trojan-activity;sid:84725788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862687)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d483fc8a-4b53-428e-a7e9-3ddcb0341f09"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dk2acd53.anodaz.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862687/; classtype:trojan-activity;sid:84725787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.136.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862686/; classtype:trojan-activity;sid:84725786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.86.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862685/; classtype:trojan-activity;sid:84725785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862684)"; flow:established,from_client; content:"GET"; http_method; content:"/4af104d3-58c3-4cc2-a01e-4310d4ee6869"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pejfezjq.hugugdaryayi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862684/; classtype:trojan-activity;sid:84725784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862683)"; flow:established,from_client; content:"GET"; http_method; content:"/2c9ff681-8c0f-44fb-a86b-f6e583413d68"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ktwyzyj.hesabdaripishrafte.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862683/; classtype:trojan-activity;sid:84725783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862682)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4c5babf8-b7d0-4a64-81c7-0b92a4378414"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"pbmbrhid.gavaedfagahe.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862682/; classtype:trojan-activity;sid:84725782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.84.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862681/; classtype:trojan-activity;sid:84725781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862680)"; flow:established,from_client; content:"GET"; http_method; content:"/12fb1381-cee6-4a47-8f6e-3d30b1ec1260"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ivyyokmi.hugugdaryayi.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862680/; classtype:trojan-activity;sid:84725780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.176.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862678/; classtype:trojan-activity;sid:84725778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.187.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862679/; classtype:trojan-activity;sid:84725779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.188.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862677/; classtype:trojan-activity;sid:84725777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.86.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862676/; classtype:trojan-activity;sid:84725776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.9.35.137"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862675/; classtype:trojan-activity;sid:84725775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862674)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4388ea9d-77bf-4de1-9c8d-10b910f34e3e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7m9gr5qr.anodaz.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862674/; classtype:trojan-activity;sid:84725774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.227.251.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862673/; classtype:trojan-activity;sid:84725773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862672)"; flow:established,from_client; content:"GET"; http_method; content:"/66b4e0fe-d4e8-4826-aa15-604a6b07ba49"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mirqics.hesabdariosmani.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862672/; classtype:trojan-activity;sid:84725772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.238.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862671/; classtype:trojan-activity;sid:84725771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862670/; classtype:trojan-activity;sid:84725770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862669)"; flow:established,from_client; content:"GET"; http_method; content:"/1f270248-9894-4efa-9d6d-2be90ef09192"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"herxydns.hugugbime.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862669/; classtype:trojan-activity;sid:84725769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862668/; classtype:trojan-activity;sid:84725768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.101.188.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862667/; classtype:trojan-activity;sid:84725767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862666)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d6d47cb9-5c0f-494a-8f81-e6ef03496bed"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"5wtpqrho.azmoondadrasi.xyz"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862666/; classtype:trojan-activity;sid:84725766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.40.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862664/; classtype:trojan-activity;sid:84725764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862665/; classtype:trojan-activity;sid:84725765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.162.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862663/; classtype:trojan-activity;sid:84725763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.238.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862662/; classtype:trojan-activity;sid:84725762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.243.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862661/; classtype:trojan-activity;sid:84725761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862660)"; flow:established,from_client; content:"GET"; http_method; content:"/e3b7354c-6fbb-4ba3-871b-1d51491105ab"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kmjlrhh.hesabdarinoravesh.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862660/; classtype:trojan-activity;sid:84725760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862659)"; flow:established,from_client; content:"GET"; http_method; content:"/img/stego.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"corwineagles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862659/; classtype:trojan-activity;sid:84725759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862658)"; flow:established,from_client; content:"GET"; http_method; content:"/b97da09e-0c17-4b63-b41d-bb4bb4c9ed19"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vkuyoujz.hugugbeynolmelal.xyz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862658/; classtype:trojan-activity;sid:84725758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862657)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4a152bc9-6099-45e2-a809-e6ebc408d61c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mf1klp19.gavaedfagahe.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862657/; classtype:trojan-activity;sid:84725757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862656)"; flow:established,from_client; content:"GET"; http_method; content:"/d4140e2f-666c-46dc-8089-9309c3b46a12"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qxuedtbmu.bookdrive.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862656/; classtype:trojan-activity;sid:84725756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.187.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862655/; classtype:trojan-activity;sid:84725755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862654/; classtype:trojan-activity;sid:84725754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862653)"; flow:established,from_client; content:"GET"; http_method; content:"/dcd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.239.166.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862653/; classtype:trojan-activity;sid:84725753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862652)"; flow:established,from_client; content:"GET"; http_method; content:"/dcd"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.239.166.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862652/; classtype:trojan-activity;sid:84725752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862651)"; flow:established,from_client; content:"GET"; http_method; content:"/solur.fla"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-1ba883191dcb4a4baebb449fba68a356.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862651/; classtype:trojan-activity;sid:84725751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862650)"; flow:established,from_client; content:"GET"; http_method; content:"/244a0d94-fcf9-4d68-8aac-1cd337a2a33c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ajwrgnf.hesabdarieskandari.xyz"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862650/; classtype:trojan-activity;sid:84725750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862649)"; flow:established,from_client; content:"GET"; http_method; content:"/french/client.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"cstaipas.pt"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862649/; classtype:trojan-activity;sid:84725749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862648)"; flow:established,from_client; content:"GET"; http_method; content:"/js/client.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bunnellmc.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862648/; classtype:trojan-activity;sid:84725748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.180.244.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862647/; classtype:trojan-activity;sid:84725747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862646)"; flow:established,from_client; content:"GET"; http_method; content:"/oheuqq.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-3bc1de741f8149f49bdbafa703067f24.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862646/; classtype:trojan-activity;sid:84725746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862645)"; flow:established,from_client; content:"GET"; http_method; content:"/naza/stub.ps1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"remolcares.us"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862645/; classtype:trojan-activity;sid:84725745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862644)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.101.188.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862644/; classtype:trojan-activity;sid:84725744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862643/; classtype:trojan-activity;sid:84725743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862642)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/rumpdj.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862642/; classtype:trojan-activity;sid:84725742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862641)"; flow:established,from_client; content:"GET"; http_method; content:"/ken.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-ce02802067934e0eb072f69bf6427bf6.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862641/; classtype:trojan-activity;sid:84725741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862640)"; flow:established,from_client; content:"GET"; http_method; content:"/flomotg4.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"devltl.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862640/; classtype:trojan-activity;sid:84725740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862639)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tt-mods18.click"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862639/; classtype:trojan-activity;sid:84725739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862638)"; flow:established,from_client; content:"GET"; http_method; content:"/kk/novaciubpl.dat"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"153.80.240.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862638/; classtype:trojan-activity;sid:84725738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862637)"; flow:established,from_client; content:"GET"; http_method; content:"/city101/nova_logs_3.dat"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"194.87.71.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862637/; classtype:trojan-activity;sid:84725737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862636)"; flow:established,from_client; content:"GET"; http_method; content:"/snk02.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-45a83f302a1943ed8d62418c2af947ef.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862636/; classtype:trojan-activity;sid:84725736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862635)"; flow:established,from_client; content:"GET"; http_method; content:"/pgkcx"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862635/; classtype:trojan-activity;sid:84725735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862634)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/wp-debug/stub2.ps1"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"trade-eprex.pro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862634/; classtype:trojan-activity;sid:84725734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862633)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/wp-debug/stub1.ps1"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"trade-eprex.pro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862633/; classtype:trojan-activity;sid:84725733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862632)"; flow:established,from_client; content:"GET"; http_method; content:"/img_112444.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"seesaw.rf.gd"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862632/; classtype:trojan-activity;sid:84725732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862631)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/wp-debug/aojstub.ps1"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"trade-eprex.pro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862631/; classtype:trojan-activity;sid:84725731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862630)"; flow:established,from_client; content:"GET"; http_method; content:"/096ddeaa-f7d4-4ba4-8170-c5bb1ba64063"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sdgbisna.jamjahani2026.football"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862630/; classtype:trojan-activity;sid:84725730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862629)"; flow:established,from_client; content:"GET"; http_method; content:"/22858648-41f9-46a9-bb37-ab48c656c976"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xtsfgslg.jamjahani2026.football"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862629/; classtype:trojan-activity;sid:84725729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862628)"; flow:established,from_client; content:"GET"; http_method; content:"/222c359b-61e3-4b4d-bc64-4d6903eeea7b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yitqjyww.hugu2gt2ejarat.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862628/; classtype:trojan-activity;sid:84725728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.112.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862627/; classtype:trojan-activity;sid:84725727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862626/; classtype:trojan-activity;sid:84725726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.67.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862625/; classtype:trojan-activity;sid:84725725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.55.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862624/; classtype:trojan-activity;sid:84725724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862623)"; flow:established,from_client; content:"GET"; http_method; content:"/ed9c124f-23f4-42e1-aa84-84a7b407b84c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"whtfwec.hesabdari3.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862623/; classtype:trojan-activity;sid:84725723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.55.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862622/; classtype:trojan-activity;sid:84725722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.7.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862621/; classtype:trojan-activity;sid:84725721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862617)"; flow:established,from_client; content:"GET"; http_method; content:"/fe9a4f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862617/; classtype:trojan-activity;sid:84725717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862618)"; flow:established,from_client; content:"GET"; http_method; content:"/3c4b5c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862618/; classtype:trojan-activity;sid:84725718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862619)"; flow:established,from_client; content:"GET"; http_method; content:"/dca252"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862619/; classtype:trojan-activity;sid:84725719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862620)"; flow:established,from_client; content:"GET"; http_method; content:"/4b708f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862620/; classtype:trojan-activity;sid:84725720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862608)"; flow:established,from_client; content:"GET"; http_method; content:"/b62386"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862608/; classtype:trojan-activity;sid:84725708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862609)"; flow:established,from_client; content:"GET"; http_method; content:"/affe19"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862609/; classtype:trojan-activity;sid:84725709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862610)"; flow:established,from_client; content:"GET"; http_method; content:"/fad9fe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862610/; classtype:trojan-activity;sid:84725710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862611)"; flow:established,from_client; content:"GET"; http_method; content:"/b82773"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862611/; classtype:trojan-activity;sid:84725711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862612)"; flow:established,from_client; content:"GET"; http_method; content:"/b199fb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862612/; classtype:trojan-activity;sid:84725712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862613)"; flow:established,from_client; content:"GET"; http_method; content:"/c4bcf4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862613/; classtype:trojan-activity;sid:84725713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862614)"; flow:established,from_client; content:"GET"; http_method; content:"/29ede0"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862614/; classtype:trojan-activity;sid:84725714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862615)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862615/; classtype:trojan-activity;sid:84725715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862616)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862616/; classtype:trojan-activity;sid:84725716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862605)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862605/; classtype:trojan-activity;sid:84725705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862606)"; flow:established,from_client; content:"GET"; http_method; content:"/pib"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862606/; classtype:trojan-activity;sid:84725706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862607)"; flow:established,from_client; content:"GET"; http_method; content:"/9vpv"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862607/; classtype:trojan-activity;sid:84725707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862602)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862602/; classtype:trojan-activity;sid:84725702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862603/; classtype:trojan-activity;sid:84725703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862604/; classtype:trojan-activity;sid:84725704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862596)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862596/; classtype:trojan-activity;sid:84725696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862597)"; flow:established,from_client; content:"GET"; http_method; content:"/734704"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862597/; classtype:trojan-activity;sid:84725697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862598)"; flow:established,from_client; content:"GET"; http_method; content:"/3b7860"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862598/; classtype:trojan-activity;sid:84725698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862599)"; flow:established,from_client; content:"GET"; http_method; content:"/572dac"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862599/; classtype:trojan-activity;sid:84725699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862600)"; flow:established,from_client; content:"GET"; http_method; content:"/426ece"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862600/; classtype:trojan-activity;sid:84725700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862601)"; flow:established,from_client; content:"GET"; http_method; content:"/e0e01a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862601/; classtype:trojan-activity;sid:84725701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862590)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862590/; classtype:trojan-activity;sid:84725690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862591)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862591/; classtype:trojan-activity;sid:84725691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862592)"; flow:established,from_client; content:"GET"; http_method; content:"/67dbbc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862592/; classtype:trojan-activity;sid:84725692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862593)"; flow:established,from_client; content:"GET"; http_method; content:"/d92127"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862593/; classtype:trojan-activity;sid:84725693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862594)"; flow:established,from_client; content:"GET"; http_method; content:"/8d2950"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862594/; classtype:trojan-activity;sid:84725694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862595)"; flow:established,from_client; content:"GET"; http_method; content:"/4116e6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862595/; classtype:trojan-activity;sid:84725695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862587)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862587/; classtype:trojan-activity;sid:84725687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862588)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862588/; classtype:trojan-activity;sid:84725688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862589)"; flow:established,from_client; content:"GET"; http_method; content:"/5f6876"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862589/; classtype:trojan-activity;sid:84725689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862586)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/f/refs/heads/main/cmkdrch.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862586/; classtype:trojan-activity;sid:84725686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862585)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/teami/refs/heads/main/bkninff.txt"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862585/; classtype:trojan-activity;sid:84725685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862583)"; flow:established,from_client; content:"GET"; http_method; content:"/9baff3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862583/; classtype:trojan-activity;sid:84725683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862584)"; flow:established,from_client; content:"GET"; http_method; content:"/bw9y"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862584/; classtype:trojan-activity;sid:84725684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862580)"; flow:established,from_client; content:"GET"; http_method; content:"/ltoi"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862580/; classtype:trojan-activity;sid:84725680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862581)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/ty/refs/heads/main/ol.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862581/; classtype:trojan-activity;sid:84725681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862582)"; flow:established,from_client; content:"GET"; http_method; content:"/08436b03-ffb3-4df3-b54f-3d97111bb6af"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xffoobdu.jamjahani2026.football"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862582/; classtype:trojan-activity;sid:84725682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862561)"; flow:established,from_client; content:"GET"; http_method; content:"/8lnw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862561/; classtype:trojan-activity;sid:84725661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862562)"; flow:established,from_client; content:"GET"; http_method; content:"/wwgh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862562/; classtype:trojan-activity;sid:84725662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862563)"; flow:established,from_client; content:"GET"; http_method; content:"/myv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862563/; classtype:trojan-activity;sid:84725663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862564)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862564/; classtype:trojan-activity;sid:84725664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862565)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862565/; classtype:trojan-activity;sid:84725665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862566)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862566/; classtype:trojan-activity;sid:84725666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862567)"; flow:established,from_client; content:"GET"; http_method; content:"/skz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862567/; classtype:trojan-activity;sid:84725667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862568)"; flow:established,from_client; content:"GET"; http_method; content:"/404c5e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862568/; classtype:trojan-activity;sid:84725668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862569)"; flow:established,from_client; content:"GET"; http_method; content:"/e354df"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862569/; classtype:trojan-activity;sid:84725669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862570)"; flow:established,from_client; content:"GET"; http_method; content:"/2ad9f8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862570/; classtype:trojan-activity;sid:84725670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862571)"; flow:established,from_client; content:"GET"; http_method; content:"/38b94a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862571/; classtype:trojan-activity;sid:84725671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862572)"; flow:established,from_client; content:"GET"; http_method; content:"/80df92"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862572/; classtype:trojan-activity;sid:84725672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862573)"; flow:established,from_client; content:"GET"; http_method; content:"/817811"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862573/; classtype:trojan-activity;sid:84725673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862574)"; flow:established,from_client; content:"GET"; http_method; content:"/29f3ca"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862574/; classtype:trojan-activity;sid:84725674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862575)"; flow:established,from_client; content:"GET"; http_method; content:"/f50bcd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862575/; classtype:trojan-activity;sid:84725675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862576)"; flow:established,from_client; content:"GET"; http_method; content:"/5c05da"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862576/; classtype:trojan-activity;sid:84725676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862577)"; flow:established,from_client; content:"GET"; http_method; content:"/b69c6f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862577/; classtype:trojan-activity;sid:84725677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862578)"; flow:established,from_client; content:"GET"; http_method; content:"/0146bf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862578/; classtype:trojan-activity;sid:84725678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862579)"; flow:established,from_client; content:"GET"; http_method; content:"/9lqt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862579/; classtype:trojan-activity;sid:84725679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862558)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/y/refs/heads/main/adnkhbn.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862558/; classtype:trojan-activity;sid:84725658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862559)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/gy/refs/heads/main/eeijogb.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862559/; classtype:trojan-activity;sid:84725659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862560)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/ti/refs/heads/main/fadodnk.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862560/; classtype:trojan-activity;sid:84725660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862552)"; flow:established,from_client; content:"GET"; http_method; content:"/low"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862552/; classtype:trojan-activity;sid:84725652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862553)"; flow:established,from_client; content:"GET"; http_method; content:"/4651f3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862553/; classtype:trojan-activity;sid:84725653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862554)"; flow:established,from_client; content:"GET"; http_method; content:"/baaba3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862554/; classtype:trojan-activity;sid:84725654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862555)"; flow:established,from_client; content:"GET"; http_method; content:"/db9316"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862555/; classtype:trojan-activity;sid:84725655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862556)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862556/; classtype:trojan-activity;sid:84725656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862557)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7c6d8627-2492-418e-8e5c-94c3a2a12aee"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2nyrkdw3.ayinzendegi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862557/; classtype:trojan-activity;sid:84725657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862551)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.249.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862551/; classtype:trojan-activity;sid:84725651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862550)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/c/refs/heads/main/fbcmird.txt"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862550/; classtype:trojan-activity;sid:84725650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862548)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/game/refs/heads/main/fdcfpbp.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862548/; classtype:trojan-activity;sid:84725648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862549)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/tv/refs/heads/main/ga.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862549/; classtype:trojan-activity;sid:84725649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862547)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/m/refs/heads/main/games.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862547/; classtype:trojan-activity;sid:84725647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862546)"; flow:established,from_client; content:"GET"; http_method; content:"/d316e5b8-ad51-4816-99dc-cb5ba7d2e104"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hvqxbpp.hesabdari2.xyz"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862546/; classtype:trojan-activity;sid:84725646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862545)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z_o0dybe-elct5xejbcobf38axt8xlwt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862545/; classtype:trojan-activity;sid:84725645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.42.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862544/; classtype:trojan-activity;sid:84725644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862543)"; flow:established,from_client; content:"GET"; http_method; content:"/dijoff/ofcdijj.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"globaltechnosoft.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862543/; classtype:trojan-activity;sid:84725643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.7.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862542/; classtype:trojan-activity;sid:84725642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.124.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862541/; classtype:trojan-activity;sid:84725641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862540)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/kk/refs/heads/main/w1.txt"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862540/; classtype:trojan-activity;sid:84725640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.91.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862539/; classtype:trojan-activity;sid:84725639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862538)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=88b17f80-07f9-4e60-8518-b53f2319ba4f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"mwo3lg6u.garatequran.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862538/; classtype:trojan-activity;sid:84725638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862537/; classtype:trojan-activity;sid:84725637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862536)"; flow:established,from_client; content:"GET"; http_method; content:"/62cdcc81-5732-41a6-bd68-1e42332daf9a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uulyqc.barnamenevisi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862536/; classtype:trojan-activity;sid:84725636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862535)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"smart.abuse.st"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862535/; classtype:trojan-activity;sid:84725635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862533)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smart.abuse.st"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862533/; classtype:trojan-activity;sid:84725633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862534/; classtype:trojan-activity;sid:84725634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862532)"; flow:established,from_client; content:"GET"; http_method; content:"/651b22ff-3253-4f9a-a079-e11dc2e6bb8f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xomvdxaa.red90.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862532/; classtype:trojan-activity;sid:84725632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.79.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862531/; classtype:trojan-activity;sid:84725631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.124.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862530/; classtype:trojan-activity;sid:84725630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862529)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/mscomctl.ocx"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862529/; classtype:trojan-activity;sid:84725629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862523)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/it-job-interview-preparation-guide.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.101.85.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862523/; classtype:trojan-activity;sid:84725623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862524/; classtype:trojan-activity;sid:84725624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862525)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.101.85.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862525/; classtype:trojan-activity;sid:84725625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862526)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.101.85.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862526/; classtype:trojan-activity;sid:84725626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862527)"; flow:established,from_client; content:"GET"; http_method; content:"/file/visor%2bpdf.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"151.241.154.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862527/; classtype:trojan-activity;sid:84725627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862528)"; flow:established,from_client; content:"GET"; http_method; content:"/part/setup.pdf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"slotmy-send.tech"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862528/; classtype:trojan-activity;sid:84725628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862520)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/it-job-interview-preparation-guide.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.101.85.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862520/; classtype:trojan-activity;sid:84725620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862521)"; flow:established,from_client; content:"GET"; http_method; content:"/cloud/screenshot_2026_01_06.lnk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"208.85.20.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862521/; classtype:trojan-activity;sid:84725621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862522)"; flow:established,from_client; content:"GET"; http_method; content:"/parts/it-job-interview-preparation-guide.pdf.lnk"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"slotmy-send.tech"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862522/; classtype:trojan-activity;sid:84725622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862518)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862518/; classtype:trojan-activity;sid:84725618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862519)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862519/; classtype:trojan-activity;sid:84725619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862492)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862492/; classtype:trojan-activity;sid:84725592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862493)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862493/; classtype:trojan-activity;sid:84725593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862494/; classtype:trojan-activity;sid:84725594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862495/; classtype:trojan-activity;sid:84725595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862496)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862496/; classtype:trojan-activity;sid:84725596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862497/; classtype:trojan-activity;sid:84725597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862498)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862498/; classtype:trojan-activity;sid:84725598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862499/; classtype:trojan-activity;sid:84725599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862500)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862500/; classtype:trojan-activity;sid:84725600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862501/; classtype:trojan-activity;sid:84725601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862502/; classtype:trojan-activity;sid:84725602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862503)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862503/; classtype:trojan-activity;sid:84725603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862504)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862504/; classtype:trojan-activity;sid:84725604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862505/; classtype:trojan-activity;sid:84725605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862506)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862506/; classtype:trojan-activity;sid:84725606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862507)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862507/; classtype:trojan-activity;sid:84725607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862508)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862508/; classtype:trojan-activity;sid:84725608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862509/; classtype:trojan-activity;sid:84725609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862510)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862510/; classtype:trojan-activity;sid:84725610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862511/; classtype:trojan-activity;sid:84725611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862512)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862512/; classtype:trojan-activity;sid:84725612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862513)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"82.38.63.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862513/; classtype:trojan-activity;sid:84725613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862514)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862514/; classtype:trojan-activity;sid:84725614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862515)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862515/; classtype:trojan-activity;sid:84725615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862516)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862516/; classtype:trojan-activity;sid:84725616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862517)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paperfoldercenter.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862517/; classtype:trojan-activity;sid:84725617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862491/; classtype:trojan-activity;sid:84725591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862481)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862481/; classtype:trojan-activity;sid:84725581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862482)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862482/; classtype:trojan-activity;sid:84725582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862483)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862483/; classtype:trojan-activity;sid:84725583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862484)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862484/; classtype:trojan-activity;sid:84725584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862485/; classtype:trojan-activity;sid:84725585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862486)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862486/; classtype:trojan-activity;sid:84725586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862487/; classtype:trojan-activity;sid:84725587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862488)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862488/; classtype:trojan-activity;sid:84725588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862489)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862489/; classtype:trojan-activity;sid:84725589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862490)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862490/; classtype:trojan-activity;sid:84725590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862480)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"betvole9038.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862480/; classtype:trojan-activity;sid:84725580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862479)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"betvole9038.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862479/; classtype:trojan-activity;sid:84725579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862478)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"betvole9038.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862478/; classtype:trojan-activity;sid:84725578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862471)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862471/; classtype:trojan-activity;sid:84725571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862472)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862472/; classtype:trojan-activity;sid:84725572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862473)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.aarch64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"betvole9038.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862473/; classtype:trojan-activity;sid:84725573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862474)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.aarch64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862474/; classtype:trojan-activity;sid:84725574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862475)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862475/; classtype:trojan-activity;sid:84725575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862476)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862476/; classtype:trojan-activity;sid:84725576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862477)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"betvole9038.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862477/; classtype:trojan-activity;sid:84725577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862468/; classtype:trojan-activity;sid:84725568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862469)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"betvole9038.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862469/; classtype:trojan-activity;sid:84725569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862470)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862470/; classtype:trojan-activity;sid:84725570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862467/; classtype:trojan-activity;sid:84725567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862466)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"betvole9038.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862466/; classtype:trojan-activity;sid:84725566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862465)"; flow:established,from_client; content:"GET"; http_method; content:"/9bc5ca83-bf87-408c-a882-1699a5fe2c44"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ovzweeh.amoozeshagazade.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862465/; classtype:trojan-activity;sid:84725565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.220.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862464/; classtype:trojan-activity;sid:84725564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862462/; classtype:trojan-activity;sid:84725562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862463)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862463/; classtype:trojan-activity;sid:84725563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862449)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862449/; classtype:trojan-activity;sid:84725549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862450)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862450/; classtype:trojan-activity;sid:84725550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862451)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862451/; classtype:trojan-activity;sid:84725551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862452)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862452/; classtype:trojan-activity;sid:84725552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862453)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862453/; classtype:trojan-activity;sid:84725553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862454)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862454/; classtype:trojan-activity;sid:84725554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862455)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862455/; classtype:trojan-activity;sid:84725555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862456)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862456/; classtype:trojan-activity;sid:84725556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862457)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862457/; classtype:trojan-activity;sid:84725557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862458/; classtype:trojan-activity;sid:84725558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862459)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862459/; classtype:trojan-activity;sid:84725559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862460)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862460/; classtype:trojan-activity;sid:84725560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862461)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.175.217.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862461/; classtype:trojan-activity;sid:84725561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862442)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862442/; classtype:trojan-activity;sid:84725542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862443)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862443/; classtype:trojan-activity;sid:84725543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862444)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862444/; classtype:trojan-activity;sid:84725544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862445)"; flow:established,from_client; content:"GET"; http_method; content:"/manual.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862445/; classtype:trojan-activity;sid:84725545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862446)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862446/; classtype:trojan-activity;sid:84725546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862447)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862447/; classtype:trojan-activity;sid:84725547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862448/; classtype:trojan-activity;sid:84725548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862438)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862438/; classtype:trojan-activity;sid:84725538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862439)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862439/; classtype:trojan-activity;sid:84725539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862440)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862440/; classtype:trojan-activity;sid:84725540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862441)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.142.209.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862441/; classtype:trojan-activity;sid:84725541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862437)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862437/; classtype:trojan-activity;sid:84725537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862436)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862436/; classtype:trojan-activity;sid:84725536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862428)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862428/; classtype:trojan-activity;sid:84725528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862429)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862429/; classtype:trojan-activity;sid:84725529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862430)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862430/; classtype:trojan-activity;sid:84725530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862431)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862431/; classtype:trojan-activity;sid:84725531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862432)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862432/; classtype:trojan-activity;sid:84725532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862433)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862433/; classtype:trojan-activity;sid:84725533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862434)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862434/; classtype:trojan-activity;sid:84725534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862435)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"104.143.206.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862435/; classtype:trojan-activity;sid:84725535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862427/; classtype:trojan-activity;sid:84725527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.91.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862426/; classtype:trojan-activity;sid:84725526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.97.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862425/; classtype:trojan-activity;sid:84725525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.72.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862424/; classtype:trojan-activity;sid:84725524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862423)"; flow:established,from_client; content:"GET"; http_method; content:"/b10cd247-3542-4d49-a4fc-bb82266acdb7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oejoixm.amlakshahri.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862423/; classtype:trojan-activity;sid:84725523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.111.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862422/; classtype:trojan-activity;sid:84725522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862421/; classtype:trojan-activity;sid:84725521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.46.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862420/; classtype:trojan-activity;sid:84725520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.180.244.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862419/; classtype:trojan-activity;sid:84725519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.137.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862418/; classtype:trojan-activity;sid:84725518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862417)"; flow:established,from_client; content:"GET"; http_method; content:"/c22a2419-2180-4923-8e82-56dfc958ace6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"iamcklbz.wrfc8.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862417/; classtype:trojan-activity;sid:84725517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862416)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5891a50d-b63d-489d-bc73-f267441530da"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rattc2jn.asibshenasiyahya.shop"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862416/; classtype:trojan-activity;sid:84725516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.10.133.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862415/; classtype:trojan-activity;sid:84725515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862414/; classtype:trojan-activity;sid:84725514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862413)"; flow:established,from_client; content:"GET"; http_method; content:"/f3ac497b-3054-475d-bd3d-13be3a36c397"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lzwtxwrr.winxbet.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862413/; classtype:trojan-activity;sid:84725513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862412)"; flow:established,from_client; content:"GET"; http_method; content:"/00789edf-5d65-4b90-b895-ea40e0c166a9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhfxkf.bankefile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862412/; classtype:trojan-activity;sid:84725512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.133.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862411/; classtype:trojan-activity;sid:84725511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862410)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dd2e02e8-a6db-4728-bd85-793004fdf72e"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"m47hkbcd.ganuneasasi.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862410/; classtype:trojan-activity;sid:84725510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862409)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=cbdf8e24-4d55-469a-a591-39a41b123482"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"sk4a8369.anodaz.store"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862409/; classtype:trojan-activity;sid:84725509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862408/; classtype:trojan-activity;sid:84725508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.60.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862407/; classtype:trojan-activity;sid:84725507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.10.133.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862406/; classtype:trojan-activity;sid:84725506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862405/; classtype:trojan-activity;sid:84725505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.60.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862404/; classtype:trojan-activity;sid:84725504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.3.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862403/; classtype:trojan-activity;sid:84725503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862402)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=422d788c-5d29-40c6-bf26-d0ff8fc4f52d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"veb0im5p.ansuyemarg.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862402/; classtype:trojan-activity;sid:84725502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.3.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862401/; classtype:trojan-activity;sid:84725501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862400)"; flow:established,from_client; content:"GET"; http_method; content:"/5a983f1c-37e7-4ad1-aa8a-d70c965c97d0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qmnldei.akhlagheslami.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862400/; classtype:trojan-activity;sid:84725500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862399)"; flow:established,from_client; content:"GET"; http_method; content:"/qqib-j3ob-picl-3175/img_rdmeoy.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"small-morning-8be0.fsocietyandtools.workers.dev"; http_host; depth:47; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862399/; classtype:trojan-activity;sid:84725499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862398)"; flow:established,from_client; content:"GET"; http_method; content:"/eba59a2f-961b-46d5-90b4-732768098de7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dguldnys.restaurantguideaarhus.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862398/; classtype:trojan-activity;sid:84725498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862397/; classtype:trojan-activity;sid:84725497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.72.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862396/; classtype:trojan-activity;sid:84725496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862395)"; flow:established,from_client; content:"GET"; http_method; content:"/babyfacexload.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862395/; classtype:trojan-activity;sid:84725495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862394)"; flow:established,from_client; content:"GET"; http_method; content:"/yufile.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862394/; classtype:trojan-activity;sid:84725494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862393)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msiljune.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.basefile.click"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862393/; classtype:trojan-activity;sid:84725493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862392)"; flow:established,from_client; content:"GET"; http_method; content:"//common/caches/edu.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"kpmmg.org"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862392/; classtype:trojan-activity;sid:84725492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.72.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862391/; classtype:trojan-activity;sid:84725491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.196.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862390/; classtype:trojan-activity;sid:84725490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.138.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862389/; classtype:trojan-activity;sid:84725489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862388)"; flow:established,from_client; content:"GET"; http_method; content:"/70beae92-77ab-4f02-9ba3-0fb960a454b4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ykjqdm.bankefile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862388/; classtype:trojan-activity;sid:84725488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862387)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=0eb66ccc-0b73-4497-9735-1e0291733343"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rqwkms23.anodaz.store"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862387/; classtype:trojan-activity;sid:84725487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.140.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862386/; classtype:trojan-activity;sid:84725486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.182.226.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862385/; classtype:trojan-activity;sid:84725485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862384)"; flow:established,from_client; content:"GET"; http_method; content:"/xxx.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862384/; classtype:trojan-activity;sid:84725484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862383)"; flow:established,from_client; content:"GET"; http_method; content:"/9cd38751-cfc3-49c5-acbd-5f8214fcc2dc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vzyeissn.rial.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862383/; classtype:trojan-activity;sid:84725483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.191.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862382/; classtype:trojan-activity;sid:84725482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862381)"; flow:established,from_client; content:"GET"; http_method; content:"/9e7ee33a-24c1-4343-a8a3-7081b413cb2a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sjowpfe.akhlageslami.xyz"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862381/; classtype:trojan-activity;sid:84725481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.99.183.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862380/; classtype:trojan-activity;sid:84725480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.152.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862379/; classtype:trojan-activity;sid:84725479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862378)"; flow:established,from_client; content:"GET"; http_method; content:"/c0c89567-a44e-483e-a019-2bf07dbd4511"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ouqzmwvg.jamjahani.football"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862378/; classtype:trojan-activity;sid:84725478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862377/; classtype:trojan-activity;sid:84725477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862376/; classtype:trojan-activity;sid:84725476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.77.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862375/; classtype:trojan-activity;sid:84725475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.99.183.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862374/; classtype:trojan-activity;sid:84725474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.182.226.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862373/; classtype:trojan-activity;sid:84725473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862372)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=602784c0-dcaa-49fd-8922-d54858c7ea10"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"azj9wm5k.fununetadris.shop"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862372/; classtype:trojan-activity;sid:84725472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862371)"; flow:established,from_client; content:"GET"; http_method; content:"/b0d8fe01-aef2-4f6d-b392-852ed6d3eb68"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"llonnk.bankefile.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862371/; classtype:trojan-activity;sid:84725471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.191.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862370/; classtype:trojan-activity;sid:84725470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862369/; classtype:trojan-activity;sid:84725469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.152.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862368/; classtype:trojan-activity;sid:84725468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.138.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862367/; classtype:trojan-activity;sid:84725467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862366)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1ffca209-7e8d-42dc-ad26-034e720d2cc4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gng97m36.angizeshfarahani.store"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862366/; classtype:trojan-activity;sid:84725466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862365)"; flow:established,from_client; content:"GET"; http_method; content:"/eab7ce51-a214-4476-a255-93d714b542a9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lzkgofe.akhlagvaahkam.xyz"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862365/; classtype:trojan-activity;sid:84725465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862364)"; flow:established,from_client; content:"GET"; http_method; content:"/d7e0|3f|download_token=8fd14012ea855aa9faf80c8eb1af722badb53202b93e2f60115069ac45612e91"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"bedrive.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862364/; classtype:trojan-activity;sid:84725464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.9.35.137"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862363/; classtype:trojan-activity;sid:84725463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862361)"; flow:established,from_client; content:"GET"; http_method; content:"/kmgqynobzwpgityvchgpflviegq39.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862361/; classtype:trojan-activity;sid:84725461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862362)"; flow:established,from_client; content:"GET"; http_method; content:"/arres.qxd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"192.3.136.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862362/; classtype:trojan-activity;sid:84725462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862360)"; flow:established,from_client; content:"GET"; http_method; content:"/2.hta"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"friendly-trifle-f3e6f0.netlify.app"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862360/; classtype:trojan-activity;sid:84725460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.254.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862359/; classtype:trojan-activity;sid:84725459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.232.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862358/; classtype:trojan-activity;sid:84725458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.40.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862357/; classtype:trojan-activity;sid:84725457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862356)"; flow:established,from_client; content:"GET"; http_method; content:"/49adf6ae-a534-4549-bde2-926adadbe2e2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xqbzvgfy.red90.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862356/; classtype:trojan-activity;sid:84725456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862355/; classtype:trojan-activity;sid:84725455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.118.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862354/; classtype:trojan-activity;sid:84725454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862353/; classtype:trojan-activity;sid:84725453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862352)"; flow:established,from_client; content:"GET"; http_method; content:"/059aa6ee-63dc-4255-a31f-2411cf06e87d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yovejfu.amlakshahri.xyz"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862352/; classtype:trojan-activity;sid:84725452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.248.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862351/; classtype:trojan-activity;sid:84725451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.254.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862350/; classtype:trojan-activity;sid:84725450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862349/; classtype:trojan-activity;sid:84725449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862348/; classtype:trojan-activity;sid:84725448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.248.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862347/; classtype:trojan-activity;sid:84725447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.137.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862346/; classtype:trojan-activity;sid:84725446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.169.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862345/; classtype:trojan-activity;sid:84725445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862344)"; flow:established,from_client; content:"GET"; http_method; content:"/94bcbf70-07df-476e-b9a9-519732a2b8b4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"krezxpiv.jamjahani2026.football"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862344/; classtype:trojan-activity;sid:84725444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862342)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-blkcg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862342/; classtype:trojan-activity;sid:84725442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862343)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2026ruproishestviyi.vercel.app"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862343/; classtype:trojan-activity;sid:84725443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862341)"; flow:established,from_client; content:"GET"; http_method; content:"/d7e0|3f|download_token=39b398d20f8fb10382d430e67c7c9de8aee2e70b95f4c135360967a0b8b53b0d"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"bedrive.ru"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862341/; classtype:trojan-activity;sid:84725441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862337)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gosuslugi-help.vercel.app"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862337/; classtype:trojan-activity;sid:84725437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862338)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"max-files.vercel.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862338/; classtype:trojan-activity;sid:84725438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862339)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"infohelprus.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862339/; classtype:trojan-activity;sid:84725439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862340)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"photomaxost.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862340/; classtype:trojan-activity;sid:84725440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862335)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-netns-rt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862335/; classtype:trojan-activity;sid:84725435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-rcu"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862336/; classtype:trojan-activity;sid:84725436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862325)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-irq-bal"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862325/; classtype:trojan-activity;sid:84725425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862326)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-netns"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862326/; classtype:trojan-activity;sid:84725426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862327)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-softirq"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862327/; classtype:trojan-activity;sid:84725427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862328)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-writeback"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862328/; classtype:trojan-activity;sid:84725428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862329)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-irq"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862329/; classtype:trojan-activity;sid:84725429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862330)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-mm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862330/; classtype:trojan-activity;sid:84725430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-events"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862331/; classtype:trojan-activity;sid:84725431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862332)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-scsi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862332/; classtype:trojan-activity;sid:84725432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862333)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd-crypto"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862333/; classtype:trojan-activity;sid:84725433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862334)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworkerd"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862334/; classtype:trojan-activity;sid:84725434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862324)"; flow:established,from_client; content:"GET"; http_method; content:"/init.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.139.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862324/; classtype:trojan-activity;sid:84725424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862323/; classtype:trojan-activity;sid:84725423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.186.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862322/; classtype:trojan-activity;sid:84725422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862321)"; flow:established,from_client; content:"GET"; http_method; content:"/8140b622-c1c2-4fe9-8bb8-6be031e0c442"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tdfzyex.amoozeshagazade.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862321/; classtype:trojan-activity;sid:84725421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862320)"; flow:established,from_client; content:"GET"; http_method; content:"/steg/stego_payloadxxx.png"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"salsabil.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862320/; classtype:trojan-activity;sid:84725420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862319)"; flow:established,from_client; content:"GET"; http_method; content:"/g/static/s/js/client.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"fmrio.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862319/; classtype:trojan-activity;sid:84725419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862318)"; flow:established,from_client; content:"GET"; http_method; content:"/kk/hope.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jamesautomobile.online"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862318/; classtype:trojan-activity;sid:84725418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862317)"; flow:established,from_client; content:"GET"; http_method; content:"/hld/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"kaza.com.hk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862317/; classtype:trojan-activity;sid:84725417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862316)"; flow:established,from_client; content:"GET"; http_method; content:"/jaypierec.pfm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pub-61119fe0dab842b58c9c358838f9b0da.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862316/; classtype:trojan-activity;sid:84725416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862315)"; flow:established,from_client; content:"GET"; http_method; content:"/4325.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862315/; classtype:trojan-activity;sid:84725415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.186.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862314/; classtype:trojan-activity;sid:84725414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862313)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.139.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862313/; classtype:trojan-activity;sid:84725413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862312/; classtype:trojan-activity;sid:84725412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862311/; classtype:trojan-activity;sid:84725411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.215.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862309/; classtype:trojan-activity;sid:84725409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.34.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862310/; classtype:trojan-activity;sid:84725410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.34.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862308/; classtype:trojan-activity;sid:84725408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862307)"; flow:established,from_client; content:"GET"; http_method; content:"/aa879b30-c23c-44d3-b492-947d4f5a5740"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pfyfyt.bankefiile.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862307/; classtype:trojan-activity;sid:84725407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862306)"; flow:established,from_client; content:"GET"; http_method; content:"/e0583d6f-51c2-4100-97a8-7bd9a9dfb3f2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nljdiefg.jamjahani.football"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862306/; classtype:trojan-activity;sid:84725406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.221.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862305/; classtype:trojan-activity;sid:84725405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862304)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=b467e003-6aee-4a73-ae1c-4f448c5aa68a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"lq8j82kc.shirbetfarsi.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862304/; classtype:trojan-activity;sid:84725404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.235.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862303/; classtype:trojan-activity;sid:84725403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862302)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=6a25707c-7070-4d6a-8fa6-454cf440bbb3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3yl7mt55.andisheeslami2.xyz"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862302/; classtype:trojan-activity;sid:84725402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.203.55.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862301/; classtype:trojan-activity;sid:84725401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862300/; classtype:trojan-activity;sid:84725400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.26.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862299/; classtype:trojan-activity;sid:84725399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.215.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862298/; classtype:trojan-activity;sid:84725398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.217.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862297/; classtype:trojan-activity;sid:84725397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.156.87.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862295/; classtype:trojan-activity;sid:84725395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862296)"; flow:established,from_client; content:"GET"; http_method; content:"/cares.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"corwineagles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862296/; classtype:trojan-activity;sid:84725396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862294)"; flow:established,from_client; content:"GET"; http_method; content:"/update"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.94.31.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862294/; classtype:trojan-activity;sid:84725394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862293)"; flow:established,from_client; content:"GET"; http_method; content:"/mcbh/mcbh.dat"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"hdhz.it.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862293/; classtype:trojan-activity;sid:84725393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862292)"; flow:established,from_client; content:"GET"; http_method; content:"/eaglejetclient4.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862292/; classtype:trojan-activity;sid:84725392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.225.1.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862291/; classtype:trojan-activity;sid:84725391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862290)"; flow:established,from_client; content:"GET"; http_method; content:"/c/bin.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"comserlivuior.store"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862290/; classtype:trojan-activity;sid:84725390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862289)"; flow:established,from_client; content:"GET"; http_method; content:"/a/bin.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"comserlivuior.store"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862289/; classtype:trojan-activity;sid:84725389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862288)"; flow:established,from_client; content:"GET"; http_method; content:"/d/bin.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"comserlivuior.store"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862288/; classtype:trojan-activity;sid:84725388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862287)"; flow:established,from_client; content:"GET"; http_method; content:"/b/bin.dat"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"comserlivuior.store"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862287/; classtype:trojan-activity;sid:84725387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862286)"; flow:established,from_client; content:"GET"; http_method; content:"/a4c37e8b-56df-4af3-b72e-ed3d06ed1eb5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xtktlprb.rial.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862286/; classtype:trojan-activity;sid:84725386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862285)"; flow:established,from_client; content:"GET"; http_method; content:"/grc/bin.dat"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"usjcx.site"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862285/; classtype:trojan-activity;sid:84725385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862283)"; flow:established,from_client; content:"GET"; http_method; content:"/yuyu/rumpyu.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tradedsglobal.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862283/; classtype:trojan-activity;sid:84725383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862284)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msilatino.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tradedsglobal.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862284/; classtype:trojan-activity;sid:84725384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862282)"; flow:established,from_client; content:"GET"; http_method; content:"/steg/stego_pussycat.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"salsabil.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862282/; classtype:trojan-activity;sid:84725382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862281)"; flow:established,from_client; content:"GET"; http_method; content:"/xyz1.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"sandyadamspodcast.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862281/; classtype:trojan-activity;sid:84725381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862280)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5d59516b-dece-4d3f-b936-36271d5ef5d9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1yusfrvk.pishbinibet.bet"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862280/; classtype:trojan-activity;sid:84725380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862279)"; flow:established,from_client; content:"GET"; http_method; content:"/level/stub.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pingdisp.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862279/; classtype:trojan-activity;sid:84725379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862278)"; flow:established,from_client; content:"GET"; http_method; content:"/f7517b32-8001-43d1-8bdc-97e1ab0b288b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ithfkpx.amoozeshtagipour.shop"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862278/; classtype:trojan-activity;sid:84725378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.77.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862277/; classtype:trojan-activity;sid:84725377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862276/; classtype:trojan-activity;sid:84725376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.203.55.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862275/; classtype:trojan-activity;sid:84725375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862274)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthy4500/pc/raw/refs/heads/main/zoominstaller.msi"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862274/; classtype:trojan-activity;sid:84725374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862273)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthy4500/desk/refs/heads/main/okkefhr.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862273/; classtype:trojan-activity;sid:84725373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862272)"; flow:established,from_client; content:"GET"; http_method; content:"/wealthy4500/desk/refs/heads/main/mcdfmff.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862272/; classtype:trojan-activity;sid:84725372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862271)"; flow:established,from_client; content:"GET"; http_method; content:"/ysxpq"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862271/; classtype:trojan-activity;sid:84725371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862270)"; flow:established,from_client; content:"GET"; http_method; content:"/labito.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-ce02802067934e0eb072f69bf6427bf6.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862270/; classtype:trojan-activity;sid:84725370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.139.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862269/; classtype:trojan-activity;sid:84725369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862268)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862268/; classtype:trojan-activity;sid:84725368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862267)"; flow:established,from_client; content:"GET"; http_method; content:"/cc2"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862267/; classtype:trojan-activity;sid:84725367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862264)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862264/; classtype:trojan-activity;sid:84725364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862265)"; flow:established,from_client; content:"GET"; http_method; content:"/bot_arm32"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862265/; classtype:trojan-activity;sid:84725365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862266)"; flow:established,from_client; content:"GET"; http_method; content:"/x0z"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862266/; classtype:trojan-activity;sid:84725366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862263)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862263/; classtype:trojan-activity;sid:84725363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862262)"; flow:established,from_client; content:"GET"; http_method; content:"/64b82e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862262/; classtype:trojan-activity;sid:84725362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862258)"; flow:established,from_client; content:"GET"; http_method; content:"/qpf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862258/; classtype:trojan-activity;sid:84725358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862259)"; flow:established,from_client; content:"GET"; http_method; content:"/wz7t"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862259/; classtype:trojan-activity;sid:84725359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862260)"; flow:established,from_client; content:"GET"; http_method; content:"/qsob"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862260/; classtype:trojan-activity;sid:84725360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862261)"; flow:established,from_client; content:"GET"; http_method; content:"/jrre"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862261/; classtype:trojan-activity;sid:84725361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862242)"; flow:established,from_client; content:"GET"; http_method; content:"/qvz1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862242/; classtype:trojan-activity;sid:84725342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862243)"; flow:established,from_client; content:"GET"; http_method; content:"/ida"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862243/; classtype:trojan-activity;sid:84725343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862244)"; flow:established,from_client; content:"GET"; http_method; content:"/mfmn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862244/; classtype:trojan-activity;sid:84725344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862245)"; flow:established,from_client; content:"GET"; http_method; content:"/0bd3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862245/; classtype:trojan-activity;sid:84725345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862246)"; flow:established,from_client; content:"GET"; http_method; content:"/mfl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862246/; classtype:trojan-activity;sid:84725346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862247)"; flow:established,from_client; content:"GET"; http_method; content:"/my6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862247/; classtype:trojan-activity;sid:84725347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862248)"; flow:established,from_client; content:"GET"; http_method; content:"/mxl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862248/; classtype:trojan-activity;sid:84725348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862249)"; flow:established,from_client; content:"GET"; http_method; content:"/c9d703"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862249/; classtype:trojan-activity;sid:84725349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862250)"; flow:established,from_client; content:"GET"; http_method; content:"/0fb7eb"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862250/; classtype:trojan-activity;sid:84725350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862251)"; flow:established,from_client; content:"GET"; http_method; content:"/43c3ea"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862251/; classtype:trojan-activity;sid:84725351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862252)"; flow:established,from_client; content:"GET"; http_method; content:"/d65f43"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862252/; classtype:trojan-activity;sid:84725352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862253)"; flow:established,from_client; content:"GET"; http_method; content:"/ef53ac"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862253/; classtype:trojan-activity;sid:84725353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862254)"; flow:established,from_client; content:"GET"; http_method; content:"/cb5811"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862254/; classtype:trojan-activity;sid:84725354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862255)"; flow:established,from_client; content:"GET"; http_method; content:"/6cdc8f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862255/; classtype:trojan-activity;sid:84725355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862256)"; flow:established,from_client; content:"GET"; http_method; content:"/87516e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862256/; classtype:trojan-activity;sid:84725356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862257)"; flow:established,from_client; content:"GET"; http_method; content:"/mspn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862257/; classtype:trojan-activity;sid:84725357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862241)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"nickart.ro"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862241/; classtype:trojan-activity;sid:84725341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862237)"; flow:established,from_client; content:"GET"; http_method; content:"/1nk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862237/; classtype:trojan-activity;sid:84725337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862238)"; flow:established,from_client; content:"GET"; http_method; content:"/120aaa"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862238/; classtype:trojan-activity;sid:84725338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862239)"; flow:established,from_client; content:"GET"; http_method; content:"/c235ec"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862239/; classtype:trojan-activity;sid:84725339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862240)"; flow:established,from_client; content:"GET"; http_method; content:"/05dcab"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862240/; classtype:trojan-activity;sid:84725340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862236)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ybvexgfibpzeuwar8f-jxnjljj9tjubu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862236/; classtype:trojan-activity;sid:84725336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1j4v6vivmg6u5ayhp00s0vbatiqdktc0v"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862235/; classtype:trojan-activity;sid:84725335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862234)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1aewama0wm7r784ywjz_mtklw4kgckwxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862234/; classtype:trojan-activity;sid:84725334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862233)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k__k_wyqnky1fcdp3ics5n6p-rgtfhdy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862233/; classtype:trojan-activity;sid:84725333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862232)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dhot3wrrghjcwefhhajebepw8jy0n8fu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862232/; classtype:trojan-activity;sid:84725332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862231)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cp3rggonp5qrfs67hi61ctzysft97zan"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862231/; classtype:trojan-activity;sid:84725331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862230)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gqu2gdfdl5ypuwfw2n8kdgsaj_bs81vc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862230/; classtype:trojan-activity;sid:84725330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.149.40.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862229/; classtype:trojan-activity;sid:84725329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.227.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862228/; classtype:trojan-activity;sid:84725328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862227)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kxjea0riyrxmxhbys2wddsb9qlow0ldg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862227/; classtype:trojan-activity;sid:84725327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862225)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c4mp9pub8cc-16cuvi88makoktfun90m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862225/; classtype:trojan-activity;sid:84725325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862226)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yig7doblhf_blelcpynpr5f64mr8zomk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862226/; classtype:trojan-activity;sid:84725326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862223)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hljqauzc4jreupoxnmmywjfz2ehbran_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862223/; classtype:trojan-activity;sid:84725323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862224)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rnvkfnj9ig1e3_fjq8jsquybgrvu9vl6"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862224/; classtype:trojan-activity;sid:84725324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862222)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1a2f7rkedjutv3t_7hit5ya-ooy0sjp-r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862222/; classtype:trojan-activity;sid:84725322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.138.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862221/; classtype:trojan-activity;sid:84725321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862220)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ozt9sdo_ntvrzam0kx4dbzxtcrm_lul2"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862220/; classtype:trojan-activity;sid:84725320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.247.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862219/; classtype:trojan-activity;sid:84725319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862217)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ao1zfhbzdmkzuhxgxnktxoifaom8fv5w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862217/; classtype:trojan-activity;sid:84725317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862218)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dnh5j9_yoqhlkfcaopf98ufseqh5kcrs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862218/; classtype:trojan-activity;sid:84725318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862215)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1x3dfl4d_tjtezrbujqc_ksbaswpazkhh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862215/; classtype:trojan-activity;sid:84725315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862216)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mq_porvryuqzw86idajmfvqyp4c9nuer"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862216/; classtype:trojan-activity;sid:84725316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862214)"; flow:established,from_client; content:"GET"; http_method; content:"/f07bfc62-7aca-4ff9-9955-b23f60bd3705"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uecvehp.amoozeshagazade.shop"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862214/; classtype:trojan-activity;sid:84725314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862213)"; flow:established,from_client; content:"GET"; http_method; content:"/befuzolxv.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pub-267b3d8f426d4d9ca10e514a1933f21b.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862213/; classtype:trojan-activity;sid:84725313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862212)"; flow:established,from_client; content:"GET"; http_method; content:"/dawci87cncfu.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pub-27c93f4f89e1465b9c1287f8d108b525.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862212/; classtype:trojan-activity;sid:84725312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862211)"; flow:established,from_client; content:"GET"; http_method; content:"/ooyrgc5d/raw"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastefy.app"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862211/; classtype:trojan-activity;sid:84725311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862210)"; flow:established,from_client; content:"GET"; http_method; content:"/gonnawilma"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862210/; classtype:trojan-activity;sid:84725310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862209)"; flow:established,from_client; content:"GET"; http_method; content:"/stub.ps1"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"remolcares.us"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862209/; classtype:trojan-activity;sid:84725309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862205)"; flow:established,from_client; content:"GET"; http_method; content:"/johns.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.11.17.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862205/; classtype:trojan-activity;sid:84725305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862206)"; flow:established,from_client; content:"GET"; http_method; content:"/xwor.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zihnyunrui.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862206/; classtype:trojan-activity;sid:84725306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862207)"; flow:established,from_client; content:"GET"; http_method; content:"/sking.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"zihnyunrui.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862207/; classtype:trojan-activity;sid:84725307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862208)"; flow:established,from_client; content:"GET"; http_method; content:"/xobs.png"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"zihnyunrui.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862208/; classtype:trojan-activity;sid:84725308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862204)"; flow:established,from_client; content:"GET"; http_method; content:"/john_msi.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"141.11.17.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862204/; classtype:trojan-activity;sid:84725304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862203)"; flow:established,from_client; content:"GET"; http_method; content:"/qwertyuiop.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.vame.be"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862203/; classtype:trojan-activity;sid:84725303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862201)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvbnm.png"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.vame.be"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862201/; classtype:trojan-activity;sid:84725301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862202)"; flow:established,from_client; content:"GET"; http_method; content:"/wffd/update.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.vame.be"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862202/; classtype:trojan-activity;sid:84725302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.217.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862200/; classtype:trojan-activity;sid:84725300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862199)"; flow:established,from_client; content:"GET"; http_method; content:"/6b0022ad-4930-4176-91b3-4a4e8038c4c9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"firdgorl.restaurantguideaarhus.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862199/; classtype:trojan-activity;sid:84725299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862198)"; flow:established,from_client; content:"GET"; http_method; content:"/img/1.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862198/; classtype:trojan-activity;sid:84725298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.169.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862197/; classtype:trojan-activity;sid:84725297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.169.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862196/; classtype:trojan-activity;sid:84725296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862195)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2fd1588d-6e99-4243-929e-b31156d6195d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"s4x5yd7i.anodaz.store"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862195/; classtype:trojan-activity;sid:84725295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.249.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862194/; classtype:trojan-activity;sid:84725294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862193/; classtype:trojan-activity;sid:84725293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.249.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862192/; classtype:trojan-activity;sid:84725292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.121.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862191/; classtype:trojan-activity;sid:84725291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862190)"; flow:established,from_client; content:"GET"; http_method; content:"/950da333-99fc-4797-a8dd-616967cabf88"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xmwofxxy.winxbet.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862190/; classtype:trojan-activity;sid:84725290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862189)"; flow:established,from_client; content:"GET"; http_method; content:"/720d6b14-6cf6-4a4b-b0da-0ea60d867c7c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oxzqss.azmoonzare.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862189/; classtype:trojan-activity;sid:84725289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862188)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d00a3c77-6835-47c0-8ee5-51319a66cb45"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0xln2imp.yekbetiran.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862188/; classtype:trojan-activity;sid:84725288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862187)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=933a6553-1820-422c-9c36-cdca534fd415"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rkbvh5p1.parspoker.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862187/; classtype:trojan-activity;sid:84725287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862186/; classtype:trojan-activity;sid:84725286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862185)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/optimized_msiyu.png"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862185/; classtype:trojan-activity;sid:84725285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862184)"; flow:established,from_client; content:"GET"; http_method; content:"/sass/djoku.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"brenmayasociados.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862184/; classtype:trojan-activity;sid:84725284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862183)"; flow:established,from_client; content:"GET"; http_method; content:"/ckfinder/php.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"muaklekcoop.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862183/; classtype:trojan-activity;sid:84725283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862182)"; flow:established,from_client; content:"GET"; http_method; content:"/f32adadf-efc9-46c9-883b-a07606c53221"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pjekei.azmoonzare.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862182/; classtype:trojan-activity;sid:84725282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862181)"; flow:established,from_client; content:"GET"; http_method; content:"/e8f85459-1443-47a2-b93d-a9af1e6b8a53"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vohgvv.jamjahani.football"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862181/; classtype:trojan-activity;sid:84725281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862180)"; flow:established,from_client; content:"GET"; http_method; content:"/40b076fe-4da3-42ea-8578-7c2d33546338"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cbawrwwb.wrfc8.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862180/; classtype:trojan-activity;sid:84725280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.209.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862179/; classtype:trojan-activity;sid:84725279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.114.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862178/; classtype:trojan-activity;sid:84725278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.249.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862177/; classtype:trojan-activity;sid:84725277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862176)"; flow:established,from_client; content:"GET"; http_method; content:"/22/weneedbestthingswithbetterplacestocomebackgoodfor.js"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"198.12.83.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862176/; classtype:trojan-activity;sid:84725276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862175)"; flow:established,from_client; content:"GET"; http_method; content:"/dashboard/myfiles/sinduu9/ziahamgfe4bx1od.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"dogalhayat.space"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862175/; classtype:trojan-activity;sid:84725275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862174)"; flow:established,from_client; content:"GET"; http_method; content:"/22/enc/weneedbestsolutionsforme.hta"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"198.12.83.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862174/; classtype:trojan-activity;sid:84725274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862173)"; flow:established,from_client; content:"GET"; http_method; content:"/city101/nova_logs_2.dat"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"178.17.58.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862173/; classtype:trojan-activity;sid:84725273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862172)"; flow:established,from_client; content:"GET"; http_method; content:"/400/img_015511.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862172/; classtype:trojan-activity;sid:84725272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862171)"; flow:established,from_client; content:"GET"; http_method; content:"/400/howdougetmebackwithbestthingsforme.hta"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862171/; classtype:trojan-activity;sid:84725271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862170)"; flow:established,from_client; content:"GET"; http_method; content:"/300/img_014511.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862170/; classtype:trojan-activity;sid:84725270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862169)"; flow:established,from_client; content:"GET"; http_method; content:"/300/becomeperfecthistimeforbestproperthings.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"107.172.13.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862169/; classtype:trojan-activity;sid:84725269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862168)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lmylvuimexof5vqctgyd9pwgzhzzewnb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862168/; classtype:trojan-activity;sid:84725268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.129.231.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862166/; classtype:trojan-activity;sid:84725266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.129.231.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862167/; classtype:trojan-activity;sid:84725267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862165)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8249396e-0f6c-4aa6-aae3-49da6ef5c803"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"eaty6go0.anodaz.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862165/; classtype:trojan-activity;sid:84725265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"193.142.146.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862164/; classtype:trojan-activity;sid:84725264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.142.146.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862163/; classtype:trojan-activity;sid:84725263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"141.98.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862162/; classtype:trojan-activity;sid:84725262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862160)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"79.124.8.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862160/; classtype:trojan-activity;sid:84725260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"79.124.8.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862161/; classtype:trojan-activity;sid:84725261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.141.122.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862157/; classtype:trojan-activity;sid:84725257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"203.159.90.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862158/; classtype:trojan-activity;sid:84725258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"94.141.122.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862159/; classtype:trojan-activity;sid:84725259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"203.159.90.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862156/; classtype:trojan-activity;sid:84725256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862154/; classtype:trojan-activity;sid:84725254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.52.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862155/; classtype:trojan-activity;sid:84725255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862153/; classtype:trojan-activity;sid:84725253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.52.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862151/; classtype:trojan-activity;sid:84725251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862152)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862152/; classtype:trojan-activity;sid:84725252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.246.87.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862150/; classtype:trojan-activity;sid:84725250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.114.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862149/; classtype:trojan-activity;sid:84725249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862148)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2d45fa7c-834d-4c88-bf6b-20ff31067b40"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"3sdhx6qp.pokerbazi.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862148/; classtype:trojan-activity;sid:84725248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.175.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862147/; classtype:trojan-activity;sid:84725247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862146)"; flow:established,from_client; content:"GET"; http_method; content:"/18fc17d8-afe0-4b19-8a7f-f913d0d0498f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uknwgsop.red90.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862146/; classtype:trojan-activity;sid:84725246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862145)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862145/; classtype:trojan-activity;sid:84725245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862141)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862141/; classtype:trojan-activity;sid:84725241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862142)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862142/; classtype:trojan-activity;sid:84725242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862143)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862143/; classtype:trojan-activity;sid:84725243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862144)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862144/; classtype:trojan-activity;sid:84725244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862139)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862139/; classtype:trojan-activity;sid:84725239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862140)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862140/; classtype:trojan-activity;sid:84725240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.157.66.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862138/; classtype:trojan-activity;sid:84725238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862137)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862137/; classtype:trojan-activity;sid:84725237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862136)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.156.87.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862136/; classtype:trojan-activity;sid:84725236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862135)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mipsel"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862135/; classtype:trojan-activity;sid:84725235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862128)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862128/; classtype:trojan-activity;sid:84725228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862129)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862129/; classtype:trojan-activity;sid:84725229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862130)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862130/; classtype:trojan-activity;sid:84725230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862131)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862131/; classtype:trojan-activity;sid:84725231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862132)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.sparc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862132/; classtype:trojan-activity;sid:84725232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862133)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862133/; classtype:trojan-activity;sid:84725233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862134)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862134/; classtype:trojan-activity;sid:84725234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862124)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862124/; classtype:trojan-activity;sid:84725224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862125)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862125/; classtype:trojan-activity;sid:84725225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862126)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862126/; classtype:trojan-activity;sid:84725226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862127)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862127/; classtype:trojan-activity;sid:84725227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862123)"; flow:established,from_client; content:"GET"; http_method; content:"/fbi.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.154.98.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862123/; classtype:trojan-activity;sid:84725223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862122)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"77.91.96.41"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862122/; classtype:trojan-activity;sid:84725222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862121)"; flow:established,from_client; content:"GET"; http_method; content:"/client.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.214.78.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862121/; classtype:trojan-activity;sid:84725221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862120)"; flow:established,from_client; content:"GET"; http_method; content:"/y"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"204.76.203.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862120/; classtype:trojan-activity;sid:84725220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862118)"; flow:established,from_client; content:"GET"; http_method; content:"/ckfinder/core/js/hilton.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"muaklekcoop.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862118/; classtype:trojan-activity;sid:84725218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862119)"; flow:established,from_client; content:"GET"; http_method; content:"/ckfinder/core/js/acr-g1upd-639159296668701809.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"muaklekcoop.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862119/; classtype:trojan-activity;sid:84725219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862117)"; flow:established,from_client; content:"GET"; http_method; content:"/ckfinder/core/js/phpjquery.php"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"muaklekcoop.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862117/; classtype:trojan-activity;sid:84725217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.175.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862116/; classtype:trojan-activity;sid:84725216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862115/; classtype:trojan-activity;sid:84725215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862114/; classtype:trojan-activity;sid:84725214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.201.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862113/; classtype:trojan-activity;sid:84725213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.55.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862112/; classtype:trojan-activity;sid:84725212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862111)"; flow:established,from_client; content:"GET"; http_method; content:"/bd930980-0370-4700-88fc-ae872d578401"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jxsofena.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862111/; classtype:trojan-activity;sid:84725211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862110)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yspex-8wakpiny-q6e6wm84offf01b-n"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862110/; classtype:trojan-activity;sid:84725210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862109)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1kjs-qdepciqsa2idkz75zpqeglx9fhch"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862109/; classtype:trojan-activity;sid:84725209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.201.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862108/; classtype:trojan-activity;sid:84725208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862107)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"142.93.47.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862107/; classtype:trojan-activity;sid:84725207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862105)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"uuyplunruss.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862105/; classtype:trojan-activity;sid:84725205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862106)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"wwwwwess.vercel.app"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862106/; classtype:trojan-activity;sid:84725206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862101/; classtype:trojan-activity;sid:84725201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862102)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862102/; classtype:trojan-activity;sid:84725202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862103)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"rosdtp-site.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862103/; classtype:trojan-activity;sid:84725203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862104)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"ruproishestvie2026.vercel.app"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862104/; classtype:trojan-activity;sid:84725204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862098)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test_sys"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862098/; classtype:trojan-activity;sid:84725198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862099)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test_conn"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862099/; classtype:trojan-activity;sid:84725199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862100)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862100/; classtype:trojan-activity;sid:84725200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/test_min"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862096/; classtype:trojan-activity;sid:84725196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862097)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bot.debug"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.26.106.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862097/; classtype:trojan-activity;sid:84725197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862093)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862093/; classtype:trojan-activity;sid:84725193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862094)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"169.40.104.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862094/; classtype:trojan-activity;sid:84725194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862095)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"16.171.16.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862095/; classtype:trojan-activity;sid:84725195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862092)"; flow:established,from_client; content:"GET"; http_method; content:"/flsz"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862092/; classtype:trojan-activity;sid:84725192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862088)"; flow:established,from_client; content:"GET"; http_method; content:"/lr6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862088/; classtype:trojan-activity;sid:84725188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862089)"; flow:established,from_client; content:"GET"; http_method; content:"/ej9g"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862089/; classtype:trojan-activity;sid:84725189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862090)"; flow:established,from_client; content:"GET"; http_method; content:"/9qr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862090/; classtype:trojan-activity;sid:84725190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862091)"; flow:established,from_client; content:"GET"; http_method; content:"/siox"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862091/; classtype:trojan-activity;sid:84725191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862076)"; flow:established,from_client; content:"GET"; http_method; content:"/gml"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862076/; classtype:trojan-activity;sid:84725176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862077)"; flow:established,from_client; content:"GET"; http_method; content:"/tw0"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862077/; classtype:trojan-activity;sid:84725177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862078)"; flow:established,from_client; content:"GET"; http_method; content:"/coy"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862078/; classtype:trojan-activity;sid:84725178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862079)"; flow:established,from_client; content:"GET"; http_method; content:"/bffy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862079/; classtype:trojan-activity;sid:84725179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862080)"; flow:established,from_client; content:"GET"; http_method; content:"/iqp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862080/; classtype:trojan-activity;sid:84725180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862081)"; flow:established,from_client; content:"GET"; http_method; content:"/677n"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862081/; classtype:trojan-activity;sid:84725181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862082)"; flow:established,from_client; content:"GET"; http_method; content:"/nps"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862082/; classtype:trojan-activity;sid:84725182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862083)"; flow:established,from_client; content:"GET"; http_method; content:"/aebfb6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862083/; classtype:trojan-activity;sid:84725183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862084)"; flow:established,from_client; content:"GET"; http_method; content:"/ecfb54"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862084/; classtype:trojan-activity;sid:84725184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862085)"; flow:established,from_client; content:"GET"; http_method; content:"/3e35df"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862085/; classtype:trojan-activity;sid:84725185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862086)"; flow:established,from_client; content:"GET"; http_method; content:"/41622b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862086/; classtype:trojan-activity;sid:84725186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862087)"; flow:established,from_client; content:"GET"; http_method; content:"/bfo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862087/; classtype:trojan-activity;sid:84725187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862073)"; flow:established,from_client; content:"GET"; http_method; content:"/e03a9e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862073/; classtype:trojan-activity;sid:84725173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862074)"; flow:established,from_client; content:"GET"; http_method; content:"/0f9833"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862074/; classtype:trojan-activity;sid:84725174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862075)"; flow:established,from_client; content:"GET"; http_method; content:"/6w5"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862075/; classtype:trojan-activity;sid:84725175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862070)"; flow:established,from_client; content:"GET"; http_method; content:"/9vb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862070/; classtype:trojan-activity;sid:84725170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862071)"; flow:established,from_client; content:"GET"; http_method; content:"/8pvt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862071/; classtype:trojan-activity;sid:84725171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862072)"; flow:established,from_client; content:"GET"; http_method; content:"/4pby"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862072/; classtype:trojan-activity;sid:84725172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862069)"; flow:established,from_client; content:"GET"; http_method; content:"/mod1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862069/; classtype:trojan-activity;sid:84725169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862068)"; flow:established,from_client; content:"GET"; http_method; content:"/isz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862068/; classtype:trojan-activity;sid:84725168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862064)"; flow:established,from_client; content:"GET"; http_method; content:"/3aei"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862064/; classtype:trojan-activity;sid:84725164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862065)"; flow:established,from_client; content:"GET"; http_method; content:"/msjk"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862065/; classtype:trojan-activity;sid:84725165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862066)"; flow:established,from_client; content:"GET"; http_method; content:"/1aa4b9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862066/; classtype:trojan-activity;sid:84725166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862067)"; flow:established,from_client; content:"GET"; http_method; content:"/cbe298"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862067/; classtype:trojan-activity;sid:84725167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862063)"; flow:established,from_client; content:"GET"; http_method; content:"/jkk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862063/; classtype:trojan-activity;sid:84725163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862061)"; flow:established,from_client; content:"GET"; http_method; content:"/06e11c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862061/; classtype:trojan-activity;sid:84725161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862062)"; flow:established,from_client; content:"GET"; http_method; content:"/976318"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862062/; classtype:trojan-activity;sid:84725162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862058)"; flow:established,from_client; content:"GET"; http_method; content:"/m2j9"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862058/; classtype:trojan-activity;sid:84725158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862059)"; flow:established,from_client; content:"GET"; http_method; content:"/xewa"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862059/; classtype:trojan-activity;sid:84725159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862060)"; flow:established,from_client; content:"GET"; http_method; content:"/din"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862060/; classtype:trojan-activity;sid:84725160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862027)"; flow:established,from_client; content:"GET"; http_method; content:"/vft2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862027/; classtype:trojan-activity;sid:84725127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862028)"; flow:established,from_client; content:"GET"; http_method; content:"/qi9"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862028/; classtype:trojan-activity;sid:84725128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862029)"; flow:established,from_client; content:"GET"; http_method; content:"/5c4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862029/; classtype:trojan-activity;sid:84725129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862030)"; flow:established,from_client; content:"GET"; http_method; content:"/xmk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862030/; classtype:trojan-activity;sid:84725130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862031)"; flow:established,from_client; content:"GET"; http_method; content:"/vaz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862031/; classtype:trojan-activity;sid:84725131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862032)"; flow:established,from_client; content:"GET"; http_method; content:"/wdxq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862032/; classtype:trojan-activity;sid:84725132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862033)"; flow:established,from_client; content:"GET"; http_method; content:"/ayi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862033/; classtype:trojan-activity;sid:84725133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862034)"; flow:established,from_client; content:"GET"; http_method; content:"/ggx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862034/; classtype:trojan-activity;sid:84725134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862035)"; flow:established,from_client; content:"GET"; http_method; content:"/lxz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862035/; classtype:trojan-activity;sid:84725135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862036)"; flow:established,from_client; content:"GET"; http_method; content:"/yue"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862036/; classtype:trojan-activity;sid:84725136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862037)"; flow:established,from_client; content:"GET"; http_method; content:"/l0s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862037/; classtype:trojan-activity;sid:84725137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862038)"; flow:established,from_client; content:"GET"; http_method; content:"/ttx"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862038/; classtype:trojan-activity;sid:84725138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862039)"; flow:established,from_client; content:"GET"; http_method; content:"/ewrm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862039/; classtype:trojan-activity;sid:84725139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862040)"; flow:established,from_client; content:"GET"; http_method; content:"/tzo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862040/; classtype:trojan-activity;sid:84725140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862041)"; flow:established,from_client; content:"GET"; http_method; content:"/hyo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862041/; classtype:trojan-activity;sid:84725141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862042)"; flow:established,from_client; content:"GET"; http_method; content:"/aug"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862042/; classtype:trojan-activity;sid:84725142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862043)"; flow:established,from_client; content:"GET"; http_method; content:"/ii4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862043/; classtype:trojan-activity;sid:84725143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862044)"; flow:established,from_client; content:"GET"; http_method; content:"/jzj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862044/; classtype:trojan-activity;sid:84725144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862045)"; flow:established,from_client; content:"GET"; http_method; content:"/a2153f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862045/; classtype:trojan-activity;sid:84725145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862046)"; flow:established,from_client; content:"GET"; http_method; content:"/07815c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862046/; classtype:trojan-activity;sid:84725146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862047)"; flow:established,from_client; content:"GET"; http_method; content:"/ee8f35"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862047/; classtype:trojan-activity;sid:84725147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862048)"; flow:established,from_client; content:"GET"; http_method; content:"/85ad92"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862048/; classtype:trojan-activity;sid:84725148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862049)"; flow:established,from_client; content:"GET"; http_method; content:"/4c6ac2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862049/; classtype:trojan-activity;sid:84725149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862050)"; flow:established,from_client; content:"GET"; http_method; content:"/73490f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862050/; classtype:trojan-activity;sid:84725150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862051)"; flow:established,from_client; content:"GET"; http_method; content:"/3b0f2b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862051/; classtype:trojan-activity;sid:84725151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862052)"; flow:established,from_client; content:"GET"; http_method; content:"/a5dfa2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862052/; classtype:trojan-activity;sid:84725152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862053)"; flow:established,from_client; content:"GET"; http_method; content:"/0cc697"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862053/; classtype:trojan-activity;sid:84725153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862054)"; flow:established,from_client; content:"GET"; http_method; content:"/fd5b2f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862054/; classtype:trojan-activity;sid:84725154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862055)"; flow:established,from_client; content:"GET"; http_method; content:"/c5d305"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862055/; classtype:trojan-activity;sid:84725155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862056)"; flow:established,from_client; content:"GET"; http_method; content:"/f95318"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862056/; classtype:trojan-activity;sid:84725156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862057)"; flow:established,from_client; content:"GET"; http_method; content:"/keaq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862057/; classtype:trojan-activity;sid:84725157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862026)"; flow:established,from_client; content:"GET"; http_method; content:"/oie"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862026/; classtype:trojan-activity;sid:84725126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862024)"; flow:established,from_client; content:"GET"; http_method; content:"/vemy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862024/; classtype:trojan-activity;sid:84725124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862025)"; flow:established,from_client; content:"GET"; http_method; content:"/fewy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862025/; classtype:trojan-activity;sid:84725125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862023)"; flow:established,from_client; content:"GET"; http_method; content:"/0zz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862023/; classtype:trojan-activity;sid:84725123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862022)"; flow:established,from_client; content:"GET"; http_method; content:"/4oe"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862022/; classtype:trojan-activity;sid:84725122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862021)"; flow:established,from_client; content:"GET"; http_method; content:"/j3k"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862021/; classtype:trojan-activity;sid:84725121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862020)"; flow:established,from_client; content:"GET"; http_method; content:"/voei"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862020/; classtype:trojan-activity;sid:84725120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862018)"; flow:established,from_client; content:"GET"; http_method; content:"/wtfh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862018/; classtype:trojan-activity;sid:84725118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862019)"; flow:established,from_client; content:"GET"; http_method; content:"/262b70"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862019/; classtype:trojan-activity;sid:84725119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862017)"; flow:established,from_client; content:"GET"; http_method; content:"/r2w"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862017/; classtype:trojan-activity;sid:84725117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862014)"; flow:established,from_client; content:"GET"; http_method; content:"/tvbr"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862014/; classtype:trojan-activity;sid:84725114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862015)"; flow:established,from_client; content:"GET"; http_method; content:"/citm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862015/; classtype:trojan-activity;sid:84725115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862016)"; flow:established,from_client; content:"GET"; http_method; content:"/bcb12b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862016/; classtype:trojan-activity;sid:84725116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862013)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bc148ba5-6631-462f-85df-4aace6ca2d8c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rg6u6kf7.pokeray.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862013/; classtype:trojan-activity;sid:84725113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862012/; classtype:trojan-activity;sid:84725112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.157.66.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862011/; classtype:trojan-activity;sid:84725111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862010)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=f356d43a-1e50-4a2d-8b36-bdb1e3ab177a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"yfzhr93v.parsbet90.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862010/; classtype:trojan-activity;sid:84725110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862009)"; flow:established,from_client; content:"GET"; http_method; content:"/acd4bcba-cdef-4f85-a261-cfacac334a2c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hremhf.jamjahani2026.football"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862009/; classtype:trojan-activity;sid:84725109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862008)"; flow:established,from_client; content:"GET"; http_method; content:"/5565362f-e772-40c7-8b86-d0c8aae74143"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nllxfcjp.shartbandi.games"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862008/; classtype:trojan-activity;sid:84725108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.15.124.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862007/; classtype:trojan-activity;sid:84725107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.186.230.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862006/; classtype:trojan-activity;sid:84725106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.206.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862005/; classtype:trojan-activity;sid:84725105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.133.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862004/; classtype:trojan-activity;sid:84725104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862003)"; flow:established,from_client; content:"GET"; http_method; content:"/733d7611-f486-4f26-b6f1-a2b83e62d0c3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qnsvnvkk.shartbandi.casino"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862003/; classtype:trojan-activity;sid:84725103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862002/; classtype:trojan-activity;sid:84725102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862001/; classtype:trojan-activity;sid:84725101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3862000)"; flow:established,from_client; content:"GET"; http_method; content:"/5d5f69a8-2e22-4213-9dab-6f1a94dc31fa"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vvoplgpy.bet303.poker"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3862000/; classtype:trojan-activity;sid:84725100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.173.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861999/; classtype:trojan-activity;sid:84725099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.56.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861998/; classtype:trojan-activity;sid:84725098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861997)"; flow:established,from_client; content:"GET"; http_method; content:"/archive/archived.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"avemod.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861997/; classtype:trojan-activity;sid:84725097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.161.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861996/; classtype:trojan-activity;sid:84725096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.173.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861995/; classtype:trojan-activity;sid:84725095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.56.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861993/; classtype:trojan-activity;sid:84725093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.190.203.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861994/; classtype:trojan-activity;sid:84725094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.65.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861992/; classtype:trojan-activity;sid:84725092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.95.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861991/; classtype:trojan-activity;sid:84725091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861990)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=5e9f2c30-6af3-4b5c-a727-f216c548770f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"8zktknmf.shirbetfarsi.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861990/; classtype:trojan-activity;sid:84725090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861989)"; flow:established,from_client; content:"GET"; http_method; content:"/6050a730-332e-48f6-98fd-0e9f5f541034"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vqfqrqgv.red90.casino"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861989/; classtype:trojan-activity;sid:84725089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.56.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861988/; classtype:trojan-activity;sid:84725088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861987/; classtype:trojan-activity;sid:84725087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.1.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861986/; classtype:trojan-activity;sid:84725086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861985)"; flow:established,from_client; content:"GET"; http_method; content:"/2a97e74d-840f-49a0-af2c-861841aa78a2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hylfko.pishbinibet.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861985/; classtype:trojan-activity;sid:84725085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861984/; classtype:trojan-activity;sid:84725084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.99.178.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861983/; classtype:trojan-activity;sid:84725083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861982/; classtype:trojan-activity;sid:84725082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861981/; classtype:trojan-activity;sid:84725081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861980)"; flow:established,from_client; content:"GET"; http_method; content:"/12f626fb-8127-4690-84d2-fadcd4386738"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lxhcemuk.wrfc8.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861980/; classtype:trojan-activity;sid:84725080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861979/; classtype:trojan-activity;sid:84725079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861978/; classtype:trojan-activity;sid:84725078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.77.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861977/; classtype:trojan-activity;sid:84725077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.99.178.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861976/; classtype:trojan-activity;sid:84725076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.2.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861975/; classtype:trojan-activity;sid:84725075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.74.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861974/; classtype:trojan-activity;sid:84725074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.225.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861973/; classtype:trojan-activity;sid:84725073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861972)"; flow:established,from_client; content:"GET"; http_method; content:"/a8fbe3a9-741c-4aa9-bbaa-6a2e227d5b47"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qpemifog.winxbet.co"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861972/; classtype:trojan-activity;sid:84725072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.119.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861971/; classtype:trojan-activity;sid:84725071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.119.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861970/; classtype:trojan-activity;sid:84725070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.225.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861969/; classtype:trojan-activity;sid:84725069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861968/; classtype:trojan-activity;sid:84725068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.7.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861967/; classtype:trojan-activity;sid:84725067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861965/; classtype:trojan-activity;sid:84725065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.58.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861966/; classtype:trojan-activity;sid:84725066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861964)"; flow:established,from_client; content:"GET"; http_method; content:"/6f0f03b7-4382-4f14-85bb-03ec041c1ff9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"izlayynu.winsportiran.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861964/; classtype:trojan-activity;sid:84725064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861963/; classtype:trojan-activity;sid:84725063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.253.55.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861962/; classtype:trojan-activity;sid:84725062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861961)"; flow:established,from_client; content:"GET"; http_method; content:"/9862427e-73c0-4cd8-9570-4569b5993a25"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yhsgyl.pishbinisite.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861961/; classtype:trojan-activity;sid:84725061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861960)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=dc5e2406-7d6e-46fc-ab40-f2368a7c0751"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"o6k7lcz5.shartbazi.net"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861960/; classtype:trojan-activity;sid:84725060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861959/; classtype:trojan-activity;sid:84725059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.1.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861958/; classtype:trojan-activity;sid:84725058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.253.55.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861957/; classtype:trojan-activity;sid:84725057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.242.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861956/; classtype:trojan-activity;sid:84725056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.69.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861955/; classtype:trojan-activity;sid:84725055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861954)"; flow:established,from_client; content:"GET"; http_method; content:"/bd331615-0107-4848-be95-6c8b24c5bf78"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jqjvvqpy.one1x.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861954/; classtype:trojan-activity;sid:84725054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.190.133.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861953/; classtype:trojan-activity;sid:84725053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861952)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=166d075a-0b85-4891-83ae-bf76d2675a63"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"5ronk1lr.pointsbetiran.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861952/; classtype:trojan-activity;sid:84725052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.28.193.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861951/; classtype:trojan-activity;sid:84725051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861950/; classtype:trojan-activity;sid:84725050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.228.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861949/; classtype:trojan-activity;sid:84725049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.242.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861948/; classtype:trojan-activity;sid:84725048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861947)"; flow:established,from_client; content:"GET"; http_method; content:"/0fcb22b1-9baa-46bf-a8a9-54a7092002ce"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dxssnlzn.penalty.casino"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861947/; classtype:trojan-activity;sid:84725047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.39.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_10; reference:url, urlhaus.abuse.ch/url/3861946/; classtype:trojan-activity;sid:84725046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.193.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861945/; classtype:trojan-activity;sid:84725045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.179.228.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861944/; classtype:trojan-activity;sid:84725044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861943)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=928ef172-bb63-412e-8f45-0af70dc5c2f4"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"7kblrgq1.shartbazi.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861943/; classtype:trojan-activity;sid:84725043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861942)"; flow:established,from_client; content:"GET"; http_method; content:"/1d39f034-147c-4d7f-9d7e-1403923bc909"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mnhunimj.persian.sex"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861942/; classtype:trojan-activity;sid:84725042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.193.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861941/; classtype:trojan-activity;sid:84725041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861940)"; flow:established,from_client; content:"GET"; http_method; content:"/1e3941d2-207e-459e-ad04-bfb5908da817"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bjyqjg.onlineshart.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861940/; classtype:trojan-activity;sid:84725040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861939)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=14a90149-ffb8-4c79-9dff-7ea24eb569a6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"w02eza6e.plinkoirani.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861939/; classtype:trojan-activity;sid:84725039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.179.228.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861938/; classtype:trojan-activity;sid:84725038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861937)"; flow:established,from_client; content:"GET"; http_method; content:"/files/881715592/czxvnud.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861937/; classtype:trojan-activity;sid:84725037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861936)"; flow:established,from_client; content:"GET"; http_method; content:"/2caebf3d-fd07-41d6-87e8-af5879e28b16"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"epxigqr.tagat120art.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861936/; classtype:trojan-activity;sid:84725036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861935/; classtype:trojan-activity;sid:84725035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861934/; classtype:trojan-activity;sid:84725034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861933)"; flow:established,from_client; content:"GET"; http_method; content:"/da94216c-de8f-4925-8b6e-193ae9287f0d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"swzbdpb.poker-online.bet"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861933/; classtype:trojan-activity;sid:84725033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861932/; classtype:trojan-activity;sid:84725032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.226.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861931/; classtype:trojan-activity;sid:84725031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.250.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861930/; classtype:trojan-activity;sid:84725030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.209.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861929/; classtype:trojan-activity;sid:84725029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.7.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861928/; classtype:trojan-activity;sid:84725028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861926)"; flow:established,from_client; content:"GET"; http_method; content:"/207cc6bd-0b75-486d-9164-1a03c16032f2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wwwydzo.penaltibazi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861926/; classtype:trojan-activity;sid:84725026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861927)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=938bd58f-afa9-4379-8e53-79d881e70d75"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"56c1ukt9.shart303.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861927/; classtype:trojan-activity;sid:84725027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861925)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.226.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861925/; classtype:trojan-activity;sid:84725025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.17.16.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861924/; classtype:trojan-activity;sid:84725024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861923)"; flow:established,from_client; content:"GET"; http_method; content:"/0c1d2236-2607-4456-890d-2fb6d354d0d5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ppwbda.jamjahani.cash"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861923/; classtype:trojan-activity;sid:84725023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861922)"; flow:established,from_client; content:"GET"; http_method; content:"/progressive_8127.75.4792_install.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861922/; classtype:trojan-activity;sid:84725022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.66.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861921/; classtype:trojan-activity;sid:84725021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.58.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861920/; classtype:trojan-activity;sid:84725020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.7.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861919/; classtype:trojan-activity;sid:84725019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.72.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861918/; classtype:trojan-activity;sid:84725018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861917)"; flow:established,from_client; content:"GET"; http_method; content:"/8eb8c65d-3942-4a87-abf0-3f63a46597a2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"srninwh.one1xbet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861917/; classtype:trojan-activity;sid:84725017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.66.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861916/; classtype:trojan-activity;sid:84725016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861915/; classtype:trojan-activity;sid:84725015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.236.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861914/; classtype:trojan-activity;sid:84725014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.58.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861913/; classtype:trojan-activity;sid:84725013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.120.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861912/; classtype:trojan-activity;sid:84725012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.231.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861911/; classtype:trojan-activity;sid:84725011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861910)"; flow:established,from_client; content:"GET"; http_method; content:"/8f09fdab-6b61-4f39-850e-f7c8727313c2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hqtzavl.mangobetfarsi.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861910/; classtype:trojan-activity;sid:84725010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861908)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.6"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861908/; classtype:trojan-activity;sid:84725008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861909)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.8"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861909/; classtype:trojan-activity;sid:84725009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861905)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.2"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861905/; classtype:trojan-activity;sid:84725005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861906)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.13"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861906/; classtype:trojan-activity;sid:84725006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861907)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.7"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861907/; classtype:trojan-activity;sid:84725007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861904)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.10"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861904/; classtype:trojan-activity;sid:84725004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861899)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.5"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861899/; classtype:trojan-activity;sid:84724999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861900)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.11"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861900/; classtype:trojan-activity;sid:84725000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861901)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861901/; classtype:trojan-activity;sid:84725001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861902)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.1"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861902/; classtype:trojan-activity;sid:84725002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861903)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.9"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861903/; classtype:trojan-activity;sid:84725003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.3.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861898/; classtype:trojan-activity;sid:84724998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.23.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861897/; classtype:trojan-activity;sid:84724997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861896)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/godisdead.3"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"152.236.7.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861896/; classtype:trojan-activity;sid:84724996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.48.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861895/; classtype:trojan-activity;sid:84724995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.3.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861894/; classtype:trojan-activity;sid:84724994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.136.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861893/; classtype:trojan-activity;sid:84724993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861892)"; flow:established,from_client; content:"GET"; http_method; content:"/80dd9442-9199-4419-a093-8583419d7c23"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"scvnivk.sabaad724.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861892/; classtype:trojan-activity;sid:84724992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.24.84.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861891/; classtype:trojan-activity;sid:84724991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861890)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=487bda20-f4f6-48d6-8d83-6b8dd0a39e6f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jcrlq1o7.sabzbet.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861890/; classtype:trojan-activity;sid:84724990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861889)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.27.83.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861889/; classtype:trojan-activity;sid:84724989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.19.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861888/; classtype:trojan-activity;sid:84724988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.19.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861887/; classtype:trojan-activity;sid:84724987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.161.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861886/; classtype:trojan-activity;sid:84724986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861885)"; flow:established,from_client; content:"GET"; http_method; content:"/41e0e0ac-c290-4a2f-b3c2-3af73a9d6851"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tmeypq.perfectgame.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861885/; classtype:trojan-activity;sid:84724985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.206.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861884/; classtype:trojan-activity;sid:84724984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.137.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861883/; classtype:trojan-activity;sid:84724983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.83.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861882/; classtype:trojan-activity;sid:84724982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.137.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861881/; classtype:trojan-activity;sid:84724981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.236.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861880/; classtype:trojan-activity;sid:84724980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861879)"; flow:established,from_client; content:"GET"; http_method; content:"/1ece8d56-2f95-4220-85a8-74a2eb1387b5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rywwahl.romabet90.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861879/; classtype:trojan-activity;sid:84724979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861878)"; flow:established,from_client; content:"GET"; http_method; content:"/badger_x64_stealth_rtl.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"176.65.134.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861878/; classtype:trojan-activity;sid:84724978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.255.43.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861877/; classtype:trojan-activity;sid:84724977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.216.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861876/; classtype:trojan-activity;sid:84724976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.93.137.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861875/; classtype:trojan-activity;sid:84724975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.75.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861874/; classtype:trojan-activity;sid:84724974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.118.236.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861873/; classtype:trojan-activity;sid:84724973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861872)"; flow:established,from_client; content:"GET"; http_method; content:"/img_140606.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"canigrup.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861872/; classtype:trojan-activity;sid:84724972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861871)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-contents/uizbfzgbzsevdbsrfnfservvfhbrjvrnbegjngbvfneevffgwmvnf/ehfbsdf.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"mnoledglin.top"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861871/; classtype:trojan-activity;sid:84724971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861870)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"canigrup.top"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861870/; classtype:trojan-activity;sid:84724970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861869)"; flow:established,from_client; content:"GET"; http_method; content:"/nightcord/nightcord/releases/download/v1.18.5/nightcord-installer.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"git.nightcord.online"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861869/; classtype:trojan-activity;sid:84724969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.206.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861868/; classtype:trojan-activity;sid:84724968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.75.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861867/; classtype:trojan-activity;sid:84724967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861866)"; flow:established,from_client; content:"GET"; http_method; content:"/x.bat"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"deltaexecutorvip.xyz"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861866/; classtype:trojan-activity;sid:84724966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861865)"; flow:established,from_client; content:"GET"; http_method; content:"/delta.hta"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"deltahub.vip"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861865/; classtype:trojan-activity;sid:84724965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861864)"; flow:established,from_client; content:"GET"; http_method; content:"/89480ade-f160-42d4-a780-9e59d8d6ea48"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xepjlus.riverpoker1.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861864/; classtype:trojan-activity;sid:84724964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861863)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=92b40ead-ec25-4ecf-85a5-f34deb3d55af"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1tzunno5.onexboro.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861863/; classtype:trojan-activity;sid:84724963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861862/; classtype:trojan-activity;sid:84724962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.158.170.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861861/; classtype:trojan-activity;sid:84724961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861860)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/plugins/clip64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861860/; classtype:trojan-activity;sid:84724960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861858)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/plugins/clip.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861858/; classtype:trojan-activity;sid:84724958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861859)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/okey.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861859/; classtype:trojan-activity;sid:84724959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861856)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/plugins/cred.dll"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861856/; classtype:trojan-activity;sid:84724956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861857)"; flow:established,from_client; content:"GET"; http_method; content:"/lsge63sd3/plugins/cred64.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"spasopro.at"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861857/; classtype:trojan-activity;sid:84724957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861855)"; flow:established,from_client; content:"GET"; http_method; content:"/amadey.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861855/; classtype:trojan-activity;sid:84724955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861854)"; flow:established,from_client; content:"GET"; http_method; content:"/tkr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861854/; classtype:trojan-activity;sid:84724954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.153.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861853/; classtype:trojan-activity;sid:84724953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861852)"; flow:established,from_client; content:"GET"; http_method; content:"/5d7b4297-0d2f-4348-be83-9cd079265887"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lrucuzu.rika90.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861852/; classtype:trojan-activity;sid:84724952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.47.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861851/; classtype:trojan-activity;sid:84724951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861849)"; flow:established,from_client; content:"GET"; http_method; content:"/mon.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861849/; classtype:trojan-activity;sid:84724949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861850)"; flow:established,from_client; content:"GET"; http_method; content:"/min.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861850/; classtype:trojan-activity;sid:84724950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861848)"; flow:established,from_client; content:"GET"; http_method; content:"/uas.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861848/; classtype:trojan-activity;sid:84724948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861846)"; flow:established,from_client; content:"GET"; http_method; content:"/cohernece.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861846/; classtype:trojan-activity;sid:84724946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861847)"; flow:established,from_client; content:"GET"; http_method; content:"/access.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cat.xiaoshabi.nl"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861847/; classtype:trojan-activity;sid:84724947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.192.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861845/; classtype:trojan-activity;sid:84724945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861844)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=2949ed60-087c-44d5-979f-bb9873a2d26f"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"z08omixf.mrbet90.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861844/; classtype:trojan-activity;sid:84724944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.148.150.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861843/; classtype:trojan-activity;sid:84724943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.153.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861842/; classtype:trojan-activity;sid:84724942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.27.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861841/; classtype:trojan-activity;sid:84724941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861840)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"vdsina.vg"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861840/; classtype:trojan-activity;sid:84724940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861837)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861837/; classtype:trojan-activity;sid:84724937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861838)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861838/; classtype:trojan-activity;sid:84724938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861839)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861839/; classtype:trojan-activity;sid:84724939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861835)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861835/; classtype:trojan-activity;sid:84724935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861836)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861836/; classtype:trojan-activity;sid:84724936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861834)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861834/; classtype:trojan-activity;sid:84724934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861833)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861833/; classtype:trojan-activity;sid:84724933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861832)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861832/; classtype:trojan-activity;sid:84724932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861828)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861828/; classtype:trojan-activity;sid:84724928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861829)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861829/; classtype:trojan-activity;sid:84724929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861830)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861830/; classtype:trojan-activity;sid:84724930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861831)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861831/; classtype:trojan-activity;sid:84724931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861827/; classtype:trojan-activity;sid:84724927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861826)"; flow:established,from_client; content:"GET"; http_method; content:"/9f6b4922-b233-4e9b-b469-393373ca1fb4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gabuys.perspolisbet90.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861826/; classtype:trojan-activity;sid:84724926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861825/; classtype:trojan-activity;sid:84724925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.47.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861824/; classtype:trojan-activity;sid:84724924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861823)"; flow:established,from_client; content:"GET"; http_method; content:"/a18ec94a-90da-4864-8986-944d03b2b633"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vsnsopv.winsportiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861823/; classtype:trojan-activity;sid:84724923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.30.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861822/; classtype:trojan-activity;sid:84724922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.221.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861821/; classtype:trojan-activity;sid:84724921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.195.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861820/; classtype:trojan-activity;sid:84724920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861819)"; flow:established,from_client; content:"GET"; http_method; content:"/files/8587665743/3hhqcyw.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"62.60.226.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861819/; classtype:trojan-activity;sid:84724919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861818)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"196.251.107.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861818/; classtype:trojan-activity;sid:84724918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861817/; classtype:trojan-activity;sid:84724917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.14.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861816/; classtype:trojan-activity;sid:84724916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861815)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.65.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861815/; classtype:trojan-activity;sid:84724915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861814)"; flow:established,from_client; content:"GET"; http_method; content:"/c4fc525c-861c-4b5a-a377-7516bfebdc59"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"prmozcj.persian.sex"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861814/; classtype:trojan-activity;sid:84724914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.233.102.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861813/; classtype:trojan-activity;sid:84724913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.35.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861812/; classtype:trojan-activity;sid:84724912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.246.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861811/; classtype:trojan-activity;sid:84724911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.93.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861810/; classtype:trojan-activity;sid:84724910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861809)"; flow:established,from_client; content:"GET"; http_method; content:"/7a4c952b-ee26-4678-98fe-c5b9b2ad153c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ckejpbj.one1xbet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861809/; classtype:trojan-activity;sid:84724909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.30.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861808/; classtype:trojan-activity;sid:84724908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.246.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861807/; classtype:trojan-activity;sid:84724907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.231.120.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861806/; classtype:trojan-activity;sid:84724906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861805)"; flow:established,from_client; content:"GET"; http_method; content:"/cf40f3eb-4043-4f99-877b-1dafe1e51c7a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ysqxkgi.mangobetfarsi.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861805/; classtype:trojan-activity;sid:84724905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.107.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861804/; classtype:trojan-activity;sid:84724904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861803/; classtype:trojan-activity;sid:84724903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861802)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=369dc9fd-645e-42d5-902f-6bdc2f3a4be2"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jegtdzjo.parsbet90.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861802/; classtype:trojan-activity;sid:84724902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.231.120.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861801/; classtype:trojan-activity;sid:84724901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.107.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861800/; classtype:trojan-activity;sid:84724900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.159.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861799/; classtype:trojan-activity;sid:84724899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.43.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861798/; classtype:trojan-activity;sid:84724898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861797)"; flow:established,from_client; content:"GET"; http_method; content:"/30743d71-2368-4d04-b271-c8075873675c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"disxya.jamjahani.football"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861797/; classtype:trojan-activity;sid:84724897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861796)"; flow:established,from_client; content:"GET"; http_method; content:"/77ada079-00cf-42e6-826c-3da48cdcbe3d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"izmxgmj.pasoor11.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861796/; classtype:trojan-activity;sid:84724896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.16.164.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861795/; classtype:trojan-activity;sid:84724895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861794)"; flow:established,from_client; content:"GET"; http_method; content:"/e110cf6c-7c0e-446f-91df-e70389bc52e8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oxtumf.jamjahani.football"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861794/; classtype:trojan-activity;sid:84724894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861793)"; flow:established,from_client; content:"GET"; http_method; content:"/000111333.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861793/; classtype:trojan-activity;sid:84724893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861792)"; flow:established,from_client; content:"GET"; http_method; content:"/k5l5rvpx/admin.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"i.postimg.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861792/; classtype:trojan-activity;sid:84724892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861791)"; flow:established,from_client; content:"GET"; http_method; content:"/a0596716-da22-4555-ab1d-928dfaa04c68"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uktbpnp.sabaad724.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861791/; classtype:trojan-activity;sid:84724891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.118.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861790/; classtype:trojan-activity;sid:84724890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.225.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861789/; classtype:trojan-activity;sid:84724889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.126.223.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861788/; classtype:trojan-activity;sid:84724888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861787)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861787/; classtype:trojan-activity;sid:84724887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861780)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861780/; classtype:trojan-activity;sid:84724880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861781)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.arm7"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861781/; classtype:trojan-activity;sid:84724881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861782)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861782/; classtype:trojan-activity;sid:84724882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861783)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861783/; classtype:trojan-activity;sid:84724883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861784)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861784/; classtype:trojan-activity;sid:84724884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861785)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861785/; classtype:trojan-activity;sid:84724885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861786)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861786/; classtype:trojan-activity;sid:84724886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861774)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861774/; classtype:trojan-activity;sid:84724874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861775)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861775/; classtype:trojan-activity;sid:84724875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861776/; classtype:trojan-activity;sid:84724876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861777)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861777/; classtype:trojan-activity;sid:84724877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861778)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.arm6"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861778/; classtype:trojan-activity;sid:84724878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861779)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.mips"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861779/; classtype:trojan-activity;sid:84724879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861772)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.mipsel"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861772/; classtype:trojan-activity;sid:84724872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861773)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861773/; classtype:trojan-activity;sid:84724873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861771)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.m68k"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861771/; classtype:trojan-activity;sid:84724871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861764)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.sh4"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861764/; classtype:trojan-activity;sid:84724864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861765)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.arm"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861765/; classtype:trojan-activity;sid:84724865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861766)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.spc"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861766/; classtype:trojan-activity;sid:84724866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861767)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.ppc"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861767/; classtype:trojan-activity;sid:84724867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861768)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.x86_64"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861768/; classtype:trojan-activity;sid:84724868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861769)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.arm5"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861769/; classtype:trojan-activity;sid:84724869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861770)"; flow:established,from_client; content:"GET"; http_method; content:"/cloudflare/sassy.cloudflare.cat.sh"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"176.65.139.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861770/; classtype:trojan-activity;sid:84724870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861763)"; flow:established,from_client; content:"GET"; http_method; content:"/18ca20e3-4229-4aa8-beb0-c3caf066a755"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uckrcup.romabet90.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861763/; classtype:trojan-activity;sid:84724863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.195.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861762/; classtype:trojan-activity;sid:84724862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.92.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861761/; classtype:trojan-activity;sid:84724861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861760)"; flow:established,from_client; content:"GET"; http_method; content:"/20c6da9d-651a-45d7-ad10-ad0f433143a3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"brbyxsj.riverpoker1.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861760/; classtype:trojan-activity;sid:84724860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.16.164.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861759/; classtype:trojan-activity;sid:84724859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861758)"; flow:established,from_client; content:"GET"; http_method; content:"/b74de582-d317-4490-91fb-44d429df55e9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qenkzpp.rika90.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861758/; classtype:trojan-activity;sid:84724858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.126.223.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861757/; classtype:trojan-activity;sid:84724857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.210.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861756/; classtype:trojan-activity;sid:84724856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.118.246.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861755/; classtype:trojan-activity;sid:84724855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.224.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861754/; classtype:trojan-activity;sid:84724854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.101.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861753/; classtype:trojan-activity;sid:84724853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.48.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861752/; classtype:trojan-activity;sid:84724852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861751)"; flow:established,from_client; content:"GET"; http_method; content:"/0304bf64-bb0e-4049-bc13-b0f75076c3ec"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ylcfeow.penalty.casino"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861751/; classtype:trojan-activity;sid:84724851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.221.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861750/; classtype:trojan-activity;sid:84724850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861749/; classtype:trojan-activity;sid:84724849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861748)"; flow:established,from_client; content:"GET"; http_method; content:"/coraline_4.7.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"coraline-cheats.pw"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861748/; classtype:trojan-activity;sid:84724848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861746)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_220302.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gadomamada.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861746/; classtype:trojan-activity;sid:84724846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861747)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_122530.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"magina.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861747/; classtype:trojan-activity;sid:84724847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861745)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_101603.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"estirarsobrelivro.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861745/; classtype:trojan-activity;sid:84724845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861741)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_111454.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"magina.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861741/; classtype:trojan-activity;sid:84724841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861742)"; flow:established,from_client; content:"GET"; http_method; content:"/api/index.php|3f|a=dl|7c|26|7c|token=8caaf953d89478b8a7191eb32295c117a310b53ac9059d4ad69a1e397ec3b2d4|7c|26|7c|rv=2c2a57da1627f1222495400c5625c3bd|7c|26|7c|src=anascopr.net|7c|26|7c|mode=cloudflare"; http_uri; depth:198; isdataat:!1,relative; nocase; content:"chinabowl.club"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861742/; classtype:trojan-activity;sid:84724842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861743)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_114115.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"grandvegasbet.com.br"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861743/; classtype:trojan-activity;sid:84724843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861744)"; flow:established,from_client; content:"GET"; http_method; content:"/beta/voltrix.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"voltrix.tv"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861744/; classtype:trojan-activity;sid:84724844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861739)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_091731.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"magina.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861739/; classtype:trojan-activity;sid:84724839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861740)"; flow:established,from_client; content:"GET"; http_method; content:"/msi_111308.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"gadomamada.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861740/; classtype:trojan-activity;sid:84724840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.224.180.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861738/; classtype:trojan-activity;sid:84724838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861737)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3e69f766-07e6-4e99-ae17-d092feccd26d"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"09ddpfx9.parspoker.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861737/; classtype:trojan-activity;sid:84724837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861736)"; flow:established,from_client; content:"GET"; http_method; content:"/bf05d5da-a63a-403a-a9eb-9e332551fbef"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mjtcvp.jamjahani.cash"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861736/; classtype:trojan-activity;sid:84724836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861735)"; flow:established,from_client; content:"GET"; http_method; content:"/d361d500-0d6f-47f6-8fc6-081c7b4eb9fc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tfqpaye.one1x.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861735/; classtype:trojan-activity;sid:84724835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861734)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8863f8f5-8265-4cc4-8da6-61e4f4ff6ad3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"a98nkya7.onexprobet.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861734/; classtype:trojan-activity;sid:84724834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861733)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861733/; classtype:trojan-activity;sid:84724833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861732)"; flow:established,from_client; content:"GET"; http_method; content:"/3c85f197-1386-4776-8c30-d77e2ab4bd25"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zonpvb.perfectgame.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861732/; classtype:trojan-activity;sid:84724832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861731)"; flow:established,from_client; content:"GET"; http_method; content:"/4269e1ce-4f6e-4c59-9888-09a8096244a0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xtrqgv.perspolisbet90.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861731/; classtype:trojan-activity;sid:84724831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.169.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861730/; classtype:trojan-activity;sid:84724830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.221.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861729/; classtype:trojan-activity;sid:84724829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.112.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861728/; classtype:trojan-activity;sid:84724828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.50.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861727/; classtype:trojan-activity;sid:84724827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.160.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861726/; classtype:trojan-activity;sid:84724826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.74.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861725/; classtype:trojan-activity;sid:84724825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.134.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861724/; classtype:trojan-activity;sid:84724824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.103.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861723/; classtype:trojan-activity;sid:84724823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.245.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861722/; classtype:trojan-activity;sid:84724822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861721)"; flow:established,from_client; content:"GET"; http_method; content:"/a3f8d2/kaizen.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"83.142.209.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861721/; classtype:trojan-activity;sid:84724821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.50.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861720/; classtype:trojan-activity;sid:84724820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861719)"; flow:established,from_client; content:"GET"; http_method; content:"/6b86327e-364f-4ae0-9c01-8b73e9e7462f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sedxjax.winxbet.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861719/; classtype:trojan-activity;sid:84724819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.112.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861718/; classtype:trojan-activity;sid:84724818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.103.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861717/; classtype:trojan-activity;sid:84724817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.245.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861716/; classtype:trojan-activity;sid:84724816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.157.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861715/; classtype:trojan-activity;sid:84724815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861714/; classtype:trojan-activity;sid:84724814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861713)"; flow:established,from_client; content:"GET"; http_method; content:"/b3fe7804-3515-4863-845e-23f26b42e01e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"blkfazi.xenicalby6.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861713/; classtype:trojan-activity;sid:84724813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.190.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861712/; classtype:trojan-activity;sid:84724812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.22.103.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861711/; classtype:trojan-activity;sid:84724811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861710/; classtype:trojan-activity;sid:84724810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.249.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861709/; classtype:trojan-activity;sid:84724809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861708/; classtype:trojan-activity;sid:84724808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.195.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861707/; classtype:trojan-activity;sid:84724807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.166.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861706/; classtype:trojan-activity;sid:84724806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.190.105.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861705/; classtype:trojan-activity;sid:84724805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.233.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861704/; classtype:trojan-activity;sid:84724804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861703)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d8bb903c-9c39-49f5-8442-c3bfb19425dd"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"w18yfaze.yekbetiran.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861703/; classtype:trojan-activity;sid:84724803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.13.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861702/; classtype:trojan-activity;sid:84724802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.13.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861701/; classtype:trojan-activity;sid:84724801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.157.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861700/; classtype:trojan-activity;sid:84724800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.190.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861699/; classtype:trojan-activity;sid:84724799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.172.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861698/; classtype:trojan-activity;sid:84724798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861697)"; flow:established,from_client; content:"GET"; http_method; content:"/39c740be-8d6a-424b-8dc0-f7e2101520ec"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zlbcjre.wrfc8.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861697/; classtype:trojan-activity;sid:84724797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861696)"; flow:established,from_client; content:"GET"; http_method; content:"/networke.ps1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.221.99.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861696/; classtype:trojan-activity;sid:84724796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.175.205.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861695/; classtype:trojan-activity;sid:84724795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861694)"; flow:established,from_client; content:"GET"; http_method; content:"/f8ddbcd6-75e1-4339-b3c3-e8cddeef7ed0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gfmuomz.pinbahiis.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861694/; classtype:trojan-activity;sid:84724794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861688/; classtype:trojan-activity;sid:84724788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861689/; classtype:trojan-activity;sid:84724789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861690/; classtype:trojan-activity;sid:84724790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861691/; classtype:trojan-activity;sid:84724791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861692/; classtype:trojan-activity;sid:84724792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861693/; classtype:trojan-activity;sid:84724793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861687/; classtype:trojan-activity;sid:84724787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861686)"; flow:established,from_client; content:"GET"; http_method; content:"/2624e321-771c-4fb3-bcc8-cfcd27b89afc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jbwjdp.rial.bet"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861686/; classtype:trojan-activity;sid:84724786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.251.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861685/; classtype:trojan-activity;sid:84724785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.22.103.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861684/; classtype:trojan-activity;sid:84724784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.166.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861683/; classtype:trojan-activity;sid:84724783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.172.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861682/; classtype:trojan-activity;sid:84724782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.251.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861681/; classtype:trojan-activity;sid:84724781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.99.180.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861680/; classtype:trojan-activity;sid:84724780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.58.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861679/; classtype:trojan-activity;sid:84724779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"23.146.240.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861678/; classtype:trojan-activity;sid:84724778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.216.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861677/; classtype:trojan-activity;sid:84724777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.139.62.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861676/; classtype:trojan-activity;sid:84724776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.234.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861675/; classtype:trojan-activity;sid:84724775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.121.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861674/; classtype:trojan-activity;sid:84724774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861673/; classtype:trojan-activity;sid:84724773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861672)"; flow:established,from_client; content:"GET"; http_method; content:"/47c8a229-b46a-43b7-8ac4-9173a4ac9d5d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"salppir.red90.casino"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861672/; classtype:trojan-activity;sid:84724772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.206.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861671/; classtype:trojan-activity;sid:84724771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.33.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861669/; classtype:trojan-activity;sid:84724769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861670)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.96.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861670/; classtype:trojan-activity;sid:84724770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861668)"; flow:established,from_client; content:"GET"; http_method; content:"/ipfs/qmbpifgvvgu4rsccjkunzwtmdxzeos2scdeqquqzg6guat"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ipfs.io"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861668/; classtype:trojan-activity;sid:84724768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861667/; classtype:trojan-activity;sid:84724767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.90.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861666/; classtype:trojan-activity;sid:84724766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.139.62.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861665/; classtype:trojan-activity;sid:84724765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.99.180.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861664/; classtype:trojan-activity;sid:84724764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.255.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861663/; classtype:trojan-activity;sid:84724763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.238.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861662/; classtype:trojan-activity;sid:84724762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861661)"; flow:established,from_client; content:"GET"; http_method; content:"/83c2ad72-0a43-40fd-a729-6c9afe24cf65"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"whyldsf.rc395.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861661/; classtype:trojan-activity;sid:84724761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.33.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861660/; classtype:trojan-activity;sid:84724760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.238.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861659/; classtype:trojan-activity;sid:84724759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.243.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861658/; classtype:trojan-activity;sid:84724758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.114.178.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861657/; classtype:trojan-activity;sid:84724757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861656)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4df9d346-ce49-486b-8b7a-4c2087cd8f89"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"e3giv37r.pokerpars.poker"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861656/; classtype:trojan-activity;sid:84724756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861655)"; flow:established,from_client; content:"GET"; http_method; content:"/dedewidth1234.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"pub-340aa1a9ccc64f6b871a4c31ff93a5a6.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861655/; classtype:trojan-activity;sid:84724755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861653)"; flow:established,from_client; content:"GET"; http_method; content:"/hndve/"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861653/; classtype:trojan-activity;sid:84724753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861654)"; flow:established,from_client; content:"GET"; http_method; content:"/dnlrp"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"dawn-bush-ddd1.yasminanthonyy.workers.dev"; http_host; depth:41; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861654/; classtype:trojan-activity;sid:84724754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861652)"; flow:established,from_client; content:"GET"; http_method; content:"/pktrg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861652/; classtype:trojan-activity;sid:84724752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861650)"; flow:established,from_client; content:"GET"; http_method; content:"/mcslb"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861650/; classtype:trojan-activity;sid:84724750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861651)"; flow:established,from_client; content:"GET"; http_method; content:"/jsptg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861651/; classtype:trojan-activity;sid:84724751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861649)"; flow:established,from_client; content:"GET"; http_method; content:"/xiyks"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861649/; classtype:trojan-activity;sid:84724749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861648)"; flow:established,from_client; content:"GET"; http_method; content:"/22/img_102554.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"104.168.70.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861648/; classtype:trojan-activity;sid:84724748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861646)"; flow:established,from_client; content:"GET"; http_method; content:"/180/img_185101.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"31.77.57.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861646/; classtype:trojan-activity;sid:84724746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861647)"; flow:established,from_client; content:"GET"; http_method; content:"/fwdra"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861647/; classtype:trojan-activity;sid:84724747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861644)"; flow:established,from_client; content:"GET"; http_method; content:"/ndynuw"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"getabre.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861644/; classtype:trojan-activity;sid:84724744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861645)"; flow:established,from_client; content:"GET"; http_method; content:"/lasaas.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-e2490b2d81b147ac978f21eab73fe8c4.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861645/; classtype:trojan-activity;sid:84724745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861642)"; flow:established,from_client; content:"GET"; http_method; content:"/22/wedidbestthingswithbetterplaceformygirl.hta"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"104.168.70.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861642/; classtype:trojan-activity;sid:84724742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861643)"; flow:established,from_client; content:"GET"; http_method; content:"/wdutlv"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"getabre.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861643/; classtype:trojan-activity;sid:84724743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861640)"; flow:established,from_client; content:"GET"; http_method; content:"/180/wegivenbestthingsforbetterplaceforme.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"31.77.57.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861640/; classtype:trojan-activity;sid:84724740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861641)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.pcmag.compicksthe-best-cloud-storage-and-file-sharing-servicestest_uuid=05zuputsjijl9et37twfqcl|7c|26|7c|test_variant=app.php"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"31.77.57.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861641/; classtype:trojan-activity;sid:84724741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861639)"; flow:established,from_client; content:"GET"; http_method; content:"/sqxoi"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861639/; classtype:trojan-activity;sid:84724739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861638)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2026rupolice.vercel.app"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861638/; classtype:trojan-activity;sid:84724738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861636)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|download=1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"news24-ebon.vercel.app"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861636/; classtype:trojan-activity;sid:84724736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861637)"; flow:established,from_client; content:"GET"; http_method; content:"/filai.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"pub-ad9c25de14a347bf8934835d655aafc1.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861637/; classtype:trojan-activity;sid:84724737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861635)"; flow:established,from_client; content:"GET"; http_method; content:"/wrkwf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"icy-lab-0431.guilherme-telecomunicacoes2024.workers.dev"; http_host; depth:55; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861635/; classtype:trojan-activity;sid:84724735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861634)"; flow:established,from_client; content:"GET"; http_method; content:"/%d0%90%d0%9a%d0%a2%d0%a3%d0%90%d0%9b%d0%ac%d0%9d%d0%ab%d0%99_%d0%a1%d0%9f%d0%98%d0%a1%d0%9e%d0%9a.apk"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"spiskisvo.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861634/; classtype:trojan-activity;sid:84724734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861633)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.pcmag.compicksthe-best-cloud-storage-and-file-sharing-servicestest_uuid=05zuputsjijl9et37twfqcl|7c|26|7c|test_variant=evc.php"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"104.168.70.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861633/; classtype:trojan-activity;sid:84724733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861632)"; flow:established,from_client; content:"GET"; http_method; content:"/favour4.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861632/; classtype:trojan-activity;sid:84724732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861631)"; flow:established,from_client; content:"GET"; http_method; content:"/doppee7.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861631/; classtype:trojan-activity;sid:84724731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861630)"; flow:established,from_client; content:"GET"; http_method; content:"/freda4.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861630/; classtype:trojan-activity;sid:84724730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.71.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861629/; classtype:trojan-activity;sid:84724729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.151.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861628/; classtype:trojan-activity;sid:84724728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.120.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861627/; classtype:trojan-activity;sid:84724727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861626)"; flow:established,from_client; content:"GET"; http_method; content:"/5e565f30-6b82-4f4b-94d0-1d30c4d9b952"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xwwitjs.rayonbet.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861626/; classtype:trojan-activity;sid:84724726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861625)"; flow:established,from_client; content:"GET"; http_method; content:"/0de789be-5fb4-489b-8d8c-ed7d86ef8f64"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"demfmb.restaurantguideaarhus.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861625/; classtype:trojan-activity;sid:84724725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.239.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861624/; classtype:trojan-activity;sid:84724724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.120.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861623/; classtype:trojan-activity;sid:84724723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.243.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861622/; classtype:trojan-activity;sid:84724722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.193.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861621/; classtype:trojan-activity;sid:84724721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861620)"; flow:established,from_client; content:"GET"; http_method; content:"/651872e1-b1e3-40fe-b5c5-c7ebf5606378"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gwjjko.onlineshart.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861620/; classtype:trojan-activity;sid:84724720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.39.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861619/; classtype:trojan-activity;sid:84724719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.151.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861618/; classtype:trojan-activity;sid:84724718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861617/; classtype:trojan-activity;sid:84724717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861616)"; flow:established,from_client; content:"GET"; http_method; content:"/cd0aa4a3-065d-484a-98b3-9b525437ebed"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gyayod.pishbinisite.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861616/; classtype:trojan-activity;sid:84724716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.244.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861615/; classtype:trojan-activity;sid:84724715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.80.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861614/; classtype:trojan-activity;sid:84724714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861613)"; flow:established,from_client; content:"GET"; http_method; content:"/9eb34cf2-5092-4f61-ab95-79609a94c94e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gdenwcw.rabonaabet.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861613/; classtype:trojan-activity;sid:84724713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861612/; classtype:trojan-activity;sid:84724712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.193.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861611/; classtype:trojan-activity;sid:84724711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861610/; classtype:trojan-activity;sid:84724710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861609/; classtype:trojan-activity;sid:84724709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861608)"; flow:established,from_client; content:"GET"; http_method; content:"/9247b3b2-a7dc-49f7-ba03-da92b2eb1bc5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cafdfe.pishbinihoshmand.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861608/; classtype:trojan-activity;sid:84724708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861607/; classtype:trojan-activity;sid:84724707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861606)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=4f7da9a9-0aa7-43fc-8999-a76506fd56c1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dgxbf5rv.onexfa.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861606/; classtype:trojan-activity;sid:84724706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861605/; classtype:trojan-activity;sid:84724705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861604)"; flow:established,from_client; content:"GET"; http_method; content:"/72544e76-576d-4a90-947d-a5351c4655ad"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lplhoo.pishbinigame.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861604/; classtype:trojan-activity;sid:84724704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.80.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861603/; classtype:trojan-activity;sid:84724703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861602)"; flow:established,from_client; content:"GET"; http_method; content:"/883fbe81-134a-49e9-8a0d-e4788ebb3b50"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mbigpi.pishbinifoori.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861602/; classtype:trojan-activity;sid:84724702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.47.190.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861601/; classtype:trojan-activity;sid:84724701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.247.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861600/; classtype:trojan-activity;sid:84724700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.173.199.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861599/; classtype:trojan-activity;sid:84724699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.115.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861598/; classtype:trojan-activity;sid:84724698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861597/; classtype:trojan-activity;sid:84724697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861596)"; flow:established,from_client; content:"GET"; http_method; content:"/2ce721b9-466e-42a7-a6bd-afa08478c385"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jgjuwx.pishbiniclass.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861596/; classtype:trojan-activity;sid:84724696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861595/; classtype:trojan-activity;sid:84724695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.19.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861594/; classtype:trojan-activity;sid:84724694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861593)"; flow:established,from_client; content:"GET"; http_method; content:"/248ff6ad-4ec9-42ac-80af-9e754b90def2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rcyrnur.pokerprado.bet"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861593/; classtype:trojan-activity;sid:84724693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.88.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861591/; classtype:trojan-activity;sid:84724691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.19.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861592/; classtype:trojan-activity;sid:84724692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.247.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861590/; classtype:trojan-activity;sid:84724690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.210.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861589/; classtype:trojan-activity;sid:84724689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.220.145.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861588/; classtype:trojan-activity;sid:84724688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.134.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861587/; classtype:trojan-activity;sid:84724687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861586)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=9422b0fc-c3d6-4ede-9c00-9af152d86ef6"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"r2qz0qa2.poker-online.bet"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861586/; classtype:trojan-activity;sid:84724686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.113.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861584/; classtype:trojan-activity;sid:84724684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.69.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861585/; classtype:trojan-activity;sid:84724685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861583)"; flow:established,from_client; content:"GET"; http_method; content:"/639f1d09-6a0c-44fa-ab2c-e494aec3ab9b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rmipclt.penality.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861583/; classtype:trojan-activity;sid:84724683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.248.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861582/; classtype:trojan-activity;sid:84724682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.121.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861581/; classtype:trojan-activity;sid:84724681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861580)"; flow:established,from_client; content:"GET"; http_method; content:"/tcp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"165.154.199.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861580/; classtype:trojan-activity;sid:84724680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861579)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.111.144.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861579/; classtype:trojan-activity;sid:84724679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.39.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861578/; classtype:trojan-activity;sid:84724678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.92.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861577/; classtype:trojan-activity;sid:84724677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.173.159.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861576/; classtype:trojan-activity;sid:84724676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861575)"; flow:established,from_client; content:"GET"; http_method; content:"/8570bba4-df3f-4581-9a6c-f4bb23099132"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"emyynld.pasur21.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861575/; classtype:trojan-activity;sid:84724675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.134.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861574/; classtype:trojan-activity;sid:84724674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.96.141.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861573/; classtype:trojan-activity;sid:84724673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861572)"; flow:established,from_client; content:"GET"; http_method; content:"/disssh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861572/; classtype:trojan-activity;sid:84724672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861571)"; flow:established,from_client; content:"GET"; http_method; content:"/dissx86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861571/; classtype:trojan-activity;sid:84724671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861568)"; flow:established,from_client; content:"GET"; http_method; content:"/dissarm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861568/; classtype:trojan-activity;sid:84724668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861569)"; flow:established,from_client; content:"GET"; http_method; content:"/dissmips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861569/; classtype:trojan-activity;sid:84724669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861570)"; flow:established,from_client; content:"GET"; http_method; content:"/dissarm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861570/; classtype:trojan-activity;sid:84724670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861566)"; flow:established,from_client; content:"GET"; http_method; content:"/dissarm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861566/; classtype:trojan-activity;sid:84724666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861567)"; flow:established,from_client; content:"GET"; http_method; content:"/dissmpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861567/; classtype:trojan-activity;sid:84724667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861565)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.156.87.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861565/; classtype:trojan-activity;sid:84724665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861564)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.156.87.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861564/; classtype:trojan-activity;sid:84724664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861563)"; flow:established,from_client; content:"GET"; http_method; content:"/test.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.40.31.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861563/; classtype:trojan-activity;sid:84724663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861562)"; flow:established,from_client; content:"GET"; http_method; content:"/ss"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"172.94.9.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861562/; classtype:trojan-activity;sid:84724662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861560/; classtype:trojan-activity;sid:84724660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861561)"; flow:established,from_client; content:"GET"; http_method; content:"/dissarm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"151.243.109.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861561/; classtype:trojan-activity;sid:84724661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861559)"; flow:established,from_client; content:"GET"; http_method; content:"//r/nsec-fetch-dest"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"189.183.104.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861559/; classtype:trojan-activity;sid:84724659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861558)"; flow:established,from_client; content:"GET"; http_method; content:"//r/n/r/n"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"177.152.150.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861558/; classtype:trojan-activity;sid:84724658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"38.60.206.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861556/; classtype:trojan-activity;sid:84724656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.251.181.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861554/; classtype:trojan-activity;sid:84724654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.156.87.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861555/; classtype:trojan-activity;sid:84724655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.187.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861551/; classtype:trojan-activity;sid:84724651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.189.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861552/; classtype:trojan-activity;sid:84724652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.184.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861553/; classtype:trojan-activity;sid:84724653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.251.180.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861543/; classtype:trojan-activity;sid:84724643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"31.42.176.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861544/; classtype:trojan-activity;sid:84724644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"104.251.180.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861545/; classtype:trojan-activity;sid:84724645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"213.111.144.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861546/; classtype:trojan-activity;sid:84724646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.156.87.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861547/; classtype:trojan-activity;sid:84724647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.188.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861548/; classtype:trojan-activity;sid:84724648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"209.99.187.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861549/; classtype:trojan-activity;sid:84724649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.54.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861550/; classtype:trojan-activity;sid:84724650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.184.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861542/; classtype:trojan-activity;sid:84724642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"213.111.144.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861541/; classtype:trojan-activity;sid:84724641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.187.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861534/; classtype:trojan-activity;sid:84724634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.188.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861535/; classtype:trojan-activity;sid:84724635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.187.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861536/; classtype:trojan-activity;sid:84724636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861537/; classtype:trojan-activity;sid:84724637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.99.189.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861538/; classtype:trojan-activity;sid:84724638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"31.42.176.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861539/; classtype:trojan-activity;sid:84724639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"104.251.181.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861540/; classtype:trojan-activity;sid:84724640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.156.87.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861533/; classtype:trojan-activity;sid:84724633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861532)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv4l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861532/; classtype:trojan-activity;sid:84724632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861523)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv6l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861523/; classtype:trojan-activity;sid:84724623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861524)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.powerpc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861524/; classtype:trojan-activity;sid:84724624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861525)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861525/; classtype:trojan-activity;sid:84724625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861526)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.x86_64"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861526/; classtype:trojan-activity;sid:84724626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861527)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.mipsel"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861527/; classtype:trojan-activity;sid:84724627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861528)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.armv7l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861528/; classtype:trojan-activity;sid:84724628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861529)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.arc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861529/; classtype:trojan-activity;sid:84724629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861530)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.i486"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861530/; classtype:trojan-activity;sid:84724630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861531)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861531/; classtype:trojan-activity;sid:84724631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861522)"; flow:established,from_client; content:"GET"; http_method; content:"/ctst"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861522/; classtype:trojan-activity;sid:84724622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861521)"; flow:established,from_client; content:"GET"; http_method; content:"/wgl"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861521/; classtype:trojan-activity;sid:84724621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861517)"; flow:established,from_client; content:"GET"; http_method; content:"/hke"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861517/; classtype:trojan-activity;sid:84724617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861518)"; flow:established,from_client; content:"GET"; http_method; content:"/glv"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861518/; classtype:trojan-activity;sid:84724618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861519)"; flow:established,from_client; content:"GET"; http_method; content:"/pv7"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861519/; classtype:trojan-activity;sid:84724619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861520)"; flow:established,from_client; content:"GET"; http_method; content:"/aa4z"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861520/; classtype:trojan-activity;sid:84724620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861516)"; flow:established,from_client; content:"GET"; http_method; content:"/z7jy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861516/; classtype:trojan-activity;sid:84724616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861513)"; flow:established,from_client; content:"GET"; http_method; content:"/xkxm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861513/; classtype:trojan-activity;sid:84724613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861514)"; flow:established,from_client; content:"GET"; http_method; content:"/ktzt"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861514/; classtype:trojan-activity;sid:84724614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861515)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861515/; classtype:trojan-activity;sid:84724615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861512)"; flow:established,from_client; content:"GET"; http_method; content:"/bwr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861512/; classtype:trojan-activity;sid:84724612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861509)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861509/; classtype:trojan-activity;sid:84724609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861510)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861510/; classtype:trojan-activity;sid:84724610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861511)"; flow:established,from_client; content:"GET"; http_method; content:"/updaterros.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861511/; classtype:trojan-activity;sid:84724611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861503)"; flow:established,from_client; content:"GET"; http_method; content:"/jvkg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861503/; classtype:trojan-activity;sid:84724603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861504)"; flow:established,from_client; content:"GET"; http_method; content:"/a9kw"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861504/; classtype:trojan-activity;sid:84724604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861505)"; flow:established,from_client; content:"GET"; http_method; content:"/pab"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861505/; classtype:trojan-activity;sid:84724605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861506)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/12.tok"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861506/; classtype:trojan-activity;sid:84724606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861507)"; flow:established,from_client; content:"GET"; http_method; content:"/cfxe"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861507/; classtype:trojan-activity;sid:84724607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861508)"; flow:established,from_client; content:"GET"; http_method; content:"/dzrg"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861508/; classtype:trojan-activity;sid:84724608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861502)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.122.171.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861502/; classtype:trojan-activity;sid:84724602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861501)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861501/; classtype:trojan-activity;sid:84724601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861491)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861491/; classtype:trojan-activity;sid:84724591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861492)"; flow:established,from_client; content:"GET"; http_method; content:"/main_m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861492/; classtype:trojan-activity;sid:84724592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861493)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861493/; classtype:trojan-activity;sid:84724593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861494)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861494/; classtype:trojan-activity;sid:84724594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861495)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861495/; classtype:trojan-activity;sid:84724595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861496)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861496/; classtype:trojan-activity;sid:84724596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861497)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861497/; classtype:trojan-activity;sid:84724597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861498)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861498/; classtype:trojan-activity;sid:84724598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861499)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861499/; classtype:trojan-activity;sid:84724599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861500)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861500/; classtype:trojan-activity;sid:84724600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.39.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861490/; classtype:trojan-activity;sid:84724590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861489)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.65.142.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861489/; classtype:trojan-activity;sid:84724589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.220.145.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861488/; classtype:trojan-activity;sid:84724588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.96.141.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861487/; classtype:trojan-activity;sid:84724587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.207.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861486/; classtype:trojan-activity;sid:84724586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861485)"; flow:established,from_client; content:"GET"; http_method; content:"/f69295ed-5a4d-48a2-8dc7-23385cdc2f36"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nkfjdum.pasoor11.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861485/; classtype:trojan-activity;sid:84724585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861484)"; flow:established,from_client; content:"GET"; http_method; content:"/1512a7e8-6e50-461e-8b65-d6807fd7ebbd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hxmhpw.pishbinibet.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861484/; classtype:trojan-activity;sid:84724584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861483)"; flow:established,from_client; content:"GET"; http_method; content:"/053d3da2-9033-4467-b64a-0aaee7f984f7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sfdwdmq.mangobetfarsi.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861483/; classtype:trojan-activity;sid:84724583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861482)"; flow:established,from_client; content:"GET"; http_method; content:"/release/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.118.132.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861482/; classtype:trojan-activity;sid:84724582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861481/; classtype:trojan-activity;sid:84724581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861480/; classtype:trojan-activity;sid:84724580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861479)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshisss.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861479/; classtype:trojan-activity;sid:84724579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861478)"; flow:established,from_client; content:"GET"; http_method; content:"/kim/kim.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.normativatecnica.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861478/; classtype:trojan-activity;sid:84724578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861477)"; flow:established,from_client; content:"GET"; http_method; content:"/ps/ps.js"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"ksb.com.de"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861477/; classtype:trojan-activity;sid:84724577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861476)"; flow:established,from_client; content:"GET"; http_method; content:"/ag/unexplain.psd"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ali-alomaritrading.cam"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861476/; classtype:trojan-activity;sid:84724576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.229.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861475/; classtype:trojan-activity;sid:84724575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.160.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861474/; classtype:trojan-activity;sid:84724574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861473)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=aff12a77-472e-4235-aaed-0c450b6fbb56"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"ojnkoxdg.pokerbazi.poker"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861473/; classtype:trojan-activity;sid:84724573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.41.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861472/; classtype:trojan-activity;sid:84724572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.15.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861471/; classtype:trojan-activity;sid:84724571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861470)"; flow:established,from_client; content:"GET"; http_method; content:"/c4cae652-cd4f-4891-9e7b-3c666782c98f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hnainyw.ninjafruitcubes.bet"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861470/; classtype:trojan-activity;sid:84724570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.100.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861468/; classtype:trojan-activity;sid:84724568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.93.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861469/; classtype:trojan-activity;sid:84724569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861467)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/teleport"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861467/; classtype:trojan-activity;sid:84724567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.39.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861466/; classtype:trojan-activity;sid:84724566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.113.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861465/; classtype:trojan-activity;sid:84724565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.160.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861464/; classtype:trojan-activity;sid:84724564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.100.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861463/; classtype:trojan-activity;sid:84724563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861462/; classtype:trojan-activity;sid:84724562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.18.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861461/; classtype:trojan-activity;sid:84724561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861460/; classtype:trojan-activity;sid:84724560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861459)"; flow:established,from_client; content:"GET"; http_method; content:"/4e186776-1a0a-42f1-836b-4055caead275"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"kodhfeq.one1xbet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861459/; classtype:trojan-activity;sid:84724559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861458)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/13.tok"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861458/; classtype:trojan-activity;sid:84724558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.229.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861457/; classtype:trojan-activity;sid:84724557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861456)"; flow:established,from_client; content:"GET"; http_method; content:"/disconnected.sh"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861456/; classtype:trojan-activity;sid:84724556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861455)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/7.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861455/; classtype:trojan-activity;sid:84724555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861445)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/8.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861445/; classtype:trojan-activity;sid:84724545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861446)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/11.tok"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861446/; classtype:trojan-activity;sid:84724546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861447)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/3.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861447/; classtype:trojan-activity;sid:84724547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861448)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/6.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861448/; classtype:trojan-activity;sid:84724548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861449)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/4.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861449/; classtype:trojan-activity;sid:84724549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861450)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/1.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861450/; classtype:trojan-activity;sid:84724550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861451)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/5.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861451/; classtype:trojan-activity;sid:84724551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861452)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/9.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861452/; classtype:trojan-activity;sid:84724552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861453)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/2.tok"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861453/; classtype:trojan-activity;sid:84724553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861454)"; flow:established,from_client; content:"GET"; http_method; content:"/eat/some/10.tok"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"152.236.5.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861454/; classtype:trojan-activity;sid:84724554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861444/; classtype:trojan-activity;sid:84724544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.18.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861443/; classtype:trojan-activity;sid:84724543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.116.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861442/; classtype:trojan-activity;sid:84724542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.29.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861440/; classtype:trojan-activity;sid:84724540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.28.63.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861441/; classtype:trojan-activity;sid:84724541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.178.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861439/; classtype:trojan-activity;sid:84724539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861438/; classtype:trojan-activity;sid:84724538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.134.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861437/; classtype:trojan-activity;sid:84724537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.98.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861436/; classtype:trojan-activity;sid:84724536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861435)"; flow:established,from_client; content:"GET"; http_method; content:"/021d6c05-e7af-45f2-9a47-50743e6ca3b1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"wsiflnb.persian.sex"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861435/; classtype:trojan-activity;sid:84724535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.218.61.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861434/; classtype:trojan-activity;sid:84724534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.28.63.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861433/; classtype:trojan-activity;sid:84724533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861432/; classtype:trojan-activity;sid:84724532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861431)"; flow:established,from_client; content:"GET"; http_method; content:"/59022224-c1d4-46a0-b0dd-c39cc67116bd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mnnwpo.jamjahani2026.football"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861431/; classtype:trojan-activity;sid:84724531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.186.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861430/; classtype:trojan-activity;sid:84724530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.98.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861429/; classtype:trojan-activity;sid:84724529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861428/; classtype:trojan-activity;sid:84724528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861427/; classtype:trojan-activity;sid:84724527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861426/; classtype:trojan-activity;sid:84724526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.239.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861425/; classtype:trojan-activity;sid:84724525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.179.14.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861424/; classtype:trojan-activity;sid:84724524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.96.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861423/; classtype:trojan-activity;sid:84724523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861422)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=e3e52bd6-abab-4e18-aaf9-1864b69ab397"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"jjcuameq.parspoker90.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861422/; classtype:trojan-activity;sid:84724522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861421/; classtype:trojan-activity;sid:84724521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861420)"; flow:established,from_client; content:"GET"; http_method; content:"/fb1a945f-bcc3-4aff-b4d5-aaee9e739d5e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"scsadmm.penaltibazi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861420/; classtype:trojan-activity;sid:84724520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861419/; classtype:trojan-activity;sid:84724519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861418)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=3eb1a9f9-e004-41f6-85a6-0e7af64ed35a"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"aoeseeuk.winpars.casino"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861418/; classtype:trojan-activity;sid:84724518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861417/; classtype:trojan-activity;sid:84724517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.105.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861416/; classtype:trojan-activity;sid:84724516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.75.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861415/; classtype:trojan-activity;sid:84724515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.148.221.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861414/; classtype:trojan-activity;sid:84724514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.218.61.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861413/; classtype:trojan-activity;sid:84724513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.67.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861412/; classtype:trojan-activity;sid:84724512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.241.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861411/; classtype:trojan-activity;sid:84724511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861410/; classtype:trojan-activity;sid:84724510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861409/; classtype:trojan-activity;sid:84724509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861408/; classtype:trojan-activity;sid:84724508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861407/; classtype:trojan-activity;sid:84724507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861406)"; flow:established,from_client; content:"GET"; http_method; content:"/76379832-7a8a-48bc-beed-8bf865190d25"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gialird.pishbini11.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861406/; classtype:trojan-activity;sid:84724506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.83.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861405/; classtype:trojan-activity;sid:84724505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.255.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861404/; classtype:trojan-activity;sid:84724504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.79.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861403/; classtype:trojan-activity;sid:84724503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.138.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861402/; classtype:trojan-activity;sid:84724502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.117.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861401/; classtype:trojan-activity;sid:84724501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.41.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861400/; classtype:trojan-activity;sid:84724500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.111.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861399/; classtype:trojan-activity;sid:84724499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.111.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861398/; classtype:trojan-activity;sid:84724498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.79.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861397/; classtype:trojan-activity;sid:84724497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861396)"; flow:established,from_client; content:"GET"; http_method; content:"/79c9b48d-7e93-465b-8816-a5da0113d8b6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"byiuatd.pinnaclebetting.bet"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861396/; classtype:trojan-activity;sid:84724496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.216.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861395/; classtype:trojan-activity;sid:84724495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861394)"; flow:established,from_client; content:"GET"; http_method; content:"/01df1e5a-28b6-4423-a90d-562ea5dbbca9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"naszmks.pinbahiis.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861394/; classtype:trojan-activity;sid:84724494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.71.39.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861393/; classtype:trojan-activity;sid:84724493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.21.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861392/; classtype:trojan-activity;sid:84724492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861391)"; flow:established,from_client; content:"GET"; http_method; content:"/98838503-9036-4eee-bd73-e04e93e221ca"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xgcstm.yasbet90.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861391/; classtype:trojan-activity;sid:84724491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861390/; classtype:trojan-activity;sid:84724490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.113.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861389/; classtype:trojan-activity;sid:84724489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861388)"; flow:established,from_client; content:"GET"; http_method; content:"/df04f85c-8809-4c98-9aef-0cb7a8efe043"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lokino.perfectgameiran.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861388/; classtype:trojan-activity;sid:84724488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.172.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861387/; classtype:trojan-activity;sid:84724487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.179.14.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861386/; classtype:trojan-activity;sid:84724486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861385/; classtype:trojan-activity;sid:84724485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.177.10.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861384/; classtype:trojan-activity;sid:84724484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.103.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861383/; classtype:trojan-activity;sid:84724483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"149.71.39.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861382/; classtype:trojan-activity;sid:84724482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861380/; classtype:trojan-activity;sid:84724480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.216.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861381/; classtype:trojan-activity;sid:84724481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861379)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=be2b69c0-546f-4f0c-b143-f34911b2ba09"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"q62sm4y0.parsgoal90.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861379/; classtype:trojan-activity;sid:84724479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861378)"; flow:established,from_client; content:"GET"; http_method; content:"/548c6fb3-aea6-4c67-8535-cbe5eae544eb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"plyxcbx.wrfc8.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861378/; classtype:trojan-activity;sid:84724478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.242.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861377/; classtype:trojan-activity;sid:84724477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861375)"; flow:established,from_client; content:"GET"; http_method; content:"/azsxd.i6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.228.26.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861375/; classtype:trojan-activity;sid:84724475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861376)"; flow:established,from_client; content:"GET"; http_method; content:"/azsxd.i5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.228.26.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861376/; classtype:trojan-activity;sid:84724476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.86.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861373/; classtype:trojan-activity;sid:84724473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.103.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861374/; classtype:trojan-activity;sid:84724474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861372)"; flow:established,from_client; content:"GET"; http_method; content:"/zok"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.228.26.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861372/; classtype:trojan-activity;sid:84724472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.225.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861371/; classtype:trojan-activity;sid:84724471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.113.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861370/; classtype:trojan-activity;sid:84724470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.21.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861369/; classtype:trojan-activity;sid:84724469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.123.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861368/; classtype:trojan-activity;sid:84724468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.8.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861367/; classtype:trojan-activity;sid:84724467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.225.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861366/; classtype:trojan-activity;sid:84724466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861365)"; flow:established,from_client; content:"GET"; http_method; content:"/ba8cbffa-a66a-425a-b2a0-6cef190a72a8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pblgwhm.x50wheel.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861365/; classtype:trojan-activity;sid:84724465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.123.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861364/; classtype:trojan-activity;sid:84724464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.231.231.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861363/; classtype:trojan-activity;sid:84724463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.173.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861362/; classtype:trojan-activity;sid:84724462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.8.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861361/; classtype:trojan-activity;sid:84724461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.248.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861360/; classtype:trojan-activity;sid:84724460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.54.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861359/; classtype:trojan-activity;sid:84724459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861358)"; flow:established,from_client; content:"GET"; http_method; content:"/476edb17-af55-41b7-b1b1-1031ae7db70e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oknmhjx.xenicalby6.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_09; reference:url, urlhaus.abuse.ch/url/3861358/; classtype:trojan-activity;sid:84724458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.173.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861357/; classtype:trojan-activity;sid:84724457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.248.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861356/; classtype:trojan-activity;sid:84724456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861355)"; flow:established,from_client; content:"GET"; http_method; content:"/079debf7-5af8-45e9-931f-d5f40c7e37f2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"nnwhxh.pik.bet"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861355/; classtype:trojan-activity;sid:84724455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.114.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861354/; classtype:trojan-activity;sid:84724454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.54.95.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861353/; classtype:trojan-activity;sid:84724453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861352)"; flow:established,from_client; content:"GET"; http_method; content:"/0ccfc2d2-d321-4996-a489-e4d238708dbb"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"deglis.perspolisbet.bet"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861352/; classtype:trojan-activity;sid:84724452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.94.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861351/; classtype:trojan-activity;sid:84724451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.244.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861350/; classtype:trojan-activity;sid:84724450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861349)"; flow:established,from_client; content:"GET"; http_method; content:"/a7d66692-744f-43c6-934b-00ab440ef5f6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"akvljg.perspolisbet90.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861349/; classtype:trojan-activity;sid:84724449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861348)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=7bafc7d1-4304-4eba-87fe-09270e041e20"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"nlwgc0c9.yekbetiran.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861348/; classtype:trojan-activity;sid:84724448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861347)"; flow:established,from_client; content:"GET"; http_method; content:"/14b2f418-16ae-46d6-96df-632a666d6fed"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"frowben.yasbetapp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861347/; classtype:trojan-activity;sid:84724447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861346/; classtype:trojan-activity;sid:84724446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.133.221.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861345/; classtype:trojan-activity;sid:84724445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.114.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861344/; classtype:trojan-activity;sid:84724444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861343)"; flow:established,from_client; content:"GET"; http_method; content:"/8ffae4a0-a86f-48c5-9ce3-3ac989576823"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gsoxdy.vezaratshart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861343/; classtype:trojan-activity;sid:84724443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"147.45.209.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861342/; classtype:trojan-activity;sid:84724442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861341)"; flow:established,from_client; content:"GET"; http_method; content:"/09e345db-c3c0-488b-99e6-bf7d4edd4628"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pvvvvn.perfectgame.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861341/; classtype:trojan-activity;sid:84724441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.75.14.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861340/; classtype:trojan-activity;sid:84724440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.88.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861339/; classtype:trojan-activity;sid:84724439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861338)"; flow:established,from_client; content:"GET"; http_method; content:"/a001e2c9-70b4-4f77-8503-366bdda8ab4a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sewgqnm.winxbet.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861338/; classtype:trojan-activity;sid:84724438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"147.45.209.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861337/; classtype:trojan-activity;sid:84724437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.186.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861336/; classtype:trojan-activity;sid:84724436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861335/; classtype:trojan-activity;sid:84724435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.235.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861334/; classtype:trojan-activity;sid:84724434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861333/; classtype:trojan-activity;sid:84724433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861332)"; flow:established,from_client; content:"GET"; http_method; content:"/a794a49b-d184-4af2-a23e-a319e88bbcfd"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"lohgcyy.winsportiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861332/; classtype:trojan-activity;sid:84724432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.226.203.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861331/; classtype:trojan-activity;sid:84724431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861330/; classtype:trojan-activity;sid:84724430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861329)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=85d7b6e5-ac5d-4e59-9d64-9b0e4b30b594"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"e40nbbpq.winmastersbetiran.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861329/; classtype:trojan-activity;sid:84724429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.235.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861328/; classtype:trojan-activity;sid:84724428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.16.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861327/; classtype:trojan-activity;sid:84724427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.215.201.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861326/; classtype:trojan-activity;sid:84724426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861325)"; flow:established,from_client; content:"GET"; http_method; content:"/l.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861325/; classtype:trojan-activity;sid:84724425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.44.137.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861324/; classtype:trojan-activity;sid:84724424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861323/; classtype:trojan-activity;sid:84724423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.226.203.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861322/; classtype:trojan-activity;sid:84724422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.138.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861321/; classtype:trojan-activity;sid:84724421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861320)"; flow:established,from_client; content:"GET"; http_method; content:"/32a26452-8744-4b4d-bf14-45c91273590b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xeledkz.olabahiskayit.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861320/; classtype:trojan-activity;sid:84724420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.16.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861319/; classtype:trojan-activity;sid:84724419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.79.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861318/; classtype:trojan-activity;sid:84724418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.201.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861317/; classtype:trojan-activity;sid:84724417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.68.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861316/; classtype:trojan-activity;sid:84724416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.231.231.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861315/; classtype:trojan-activity;sid:84724415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.79.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861314/; classtype:trojan-activity;sid:84724414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.44.137.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861313/; classtype:trojan-activity;sid:84724413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.100.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861312/; classtype:trojan-activity;sid:84724412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.158.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861311/; classtype:trojan-activity;sid:84724411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861310)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=00183947-2f1b-4c64-bbae-a9454ceec829"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"xf4v3zjk.parspoker.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861310/; classtype:trojan-activity;sid:84724410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861309/; classtype:trojan-activity;sid:84724409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.106.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861308/; classtype:trojan-activity;sid:84724408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.133.221.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861307/; classtype:trojan-activity;sid:84724407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861306)"; flow:established,from_client; content:"GET"; http_method; content:"/207aff48-98af-419a-90c1-2a51478c7023"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ngieimu.kvbel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861306/; classtype:trojan-activity;sid:84724406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.132.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861305/; classtype:trojan-activity;sid:84724405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.38.196.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861304/; classtype:trojan-activity;sid:84724404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.88.136.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861303/; classtype:trojan-activity;sid:84724403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861302)"; flow:established,from_client; content:"GET"; http_method; content:"/43516c7b-0f0a-43fe-9759-04c062ca6542"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zfomko.jamjahani.cash"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861302/; classtype:trojan-activity;sid:84724402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.23.100.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861301/; classtype:trojan-activity;sid:84724401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.158.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861300/; classtype:trojan-activity;sid:84724400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861299/; classtype:trojan-activity;sid:84724399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.86.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861298/; classtype:trojan-activity;sid:84724398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.21.120.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861297/; classtype:trojan-activity;sid:84724397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.109.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861296/; classtype:trojan-activity;sid:84724396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861295)"; flow:established,from_client; content:"GET"; http_method; content:"/837f2a29-bebf-4ec0-bbde-1df037eb0354"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rbbhubp.kbshavanese.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861295/; classtype:trojan-activity;sid:84724395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.53.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861294/; classtype:trojan-activity;sid:84724394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.30.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861293/; classtype:trojan-activity;sid:84724393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.0.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861292/; classtype:trojan-activity;sid:84724392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861291/; classtype:trojan-activity;sid:84724391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.14.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861290/; classtype:trojan-activity;sid:84724390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.109.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861289/; classtype:trojan-activity;sid:84724389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.21.120.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861288/; classtype:trojan-activity;sid:84724388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.30.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861287/; classtype:trojan-activity;sid:84724387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.0.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861286/; classtype:trojan-activity;sid:84724386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.106.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861285/; classtype:trojan-activity;sid:84724385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861284/; classtype:trojan-activity;sid:84724384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861283)"; flow:established,from_client; content:"GET"; http_method; content:"/d974017e-43a8-43bf-b31b-804c70fad1a3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ojpqxkm.one1x.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861283/; classtype:trojan-activity;sid:84724383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.15.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861282/; classtype:trojan-activity;sid:84724382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861281/; classtype:trojan-activity;sid:84724381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.99.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861280/; classtype:trojan-activity;sid:84724380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.71.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861279/; classtype:trojan-activity;sid:84724379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861278/; classtype:trojan-activity;sid:84724378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.77.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861277/; classtype:trojan-activity;sid:84724377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861267)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.tcs.comwhat-we-dotcs-research-and-innovation-group-comapnies.php/"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861267/; classtype:trojan-activity;sid:84724367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861268)"; flow:established,from_client; content:"GET"; http_method; content:"/509/ews/createbestventreforbestpeopelsforme.hta"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861268/; classtype:trojan-activity;sid:84724368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861269)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.microsoft.comen-usmicrosoft-365wordms.officeurl=word|7c|26|7c|ocid=cmmiqc2gd00plans-and-pricing.php"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861269/; classtype:trojan-activity;sid:84724369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861270)"; flow:established,from_client; content:"GET"; http_method; content:"/59/img_005019.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861270/; classtype:trojan-activity;sid:84724370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861271)"; flow:established,from_client; content:"GET"; http_method; content:"/66/img_230815.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861271/; classtype:trojan-activity;sid:84724371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861272)"; flow:established,from_client; content:"GET"; http_method; content:"/115/greatnoteswithbestviewthings.hta"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861272/; classtype:trojan-activity;sid:84724372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861273)"; flow:established,from_client; content:"GET"; http_method; content:"/httpsexpertinsights.comdata-security-and-privacytop-secure-file-sharing-storage-services-airline.php"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861273/; classtype:trojan-activity;sid:84724373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861274)"; flow:established,from_client; content:"GET"; http_method; content:"/406/wedeservebetterfeatureforgoldennetworkbuty.hta"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861274/; classtype:trojan-activity;sid:84724374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861275)"; flow:established,from_client; content:"GET"; http_method; content:"/59/fundingforbetterfuturegetmebestthings.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861275/; classtype:trojan-activity;sid:84724375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861276)"; flow:established,from_client; content:"GET"; http_method; content:"/107/glutatheyongoodforhealthme.hta"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861276/; classtype:trojan-activity;sid:84724376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861264)"; flow:established,from_client; content:"GET"; http_method; content:"/509/goodthingswithbetterwaysgivenformebest.js"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861264/; classtype:trojan-activity;sid:84724364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861265)"; flow:established,from_client; content:"GET"; http_method; content:"/68/img_231637.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861265/; classtype:trojan-activity;sid:84724365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861266)"; flow:established,from_client; content:"GET"; http_method; content:"/406/img_101655.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861266/; classtype:trojan-activity;sid:84724366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.89.90.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861263/; classtype:trojan-activity;sid:84724363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.38.199.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861262/; classtype:trojan-activity;sid:84724362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.99.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861261/; classtype:trojan-activity;sid:84724361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.77.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861260/; classtype:trojan-activity;sid:84724360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861259)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=910458e1-bfbe-4992-a5ca-db2e9863a6a3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"chzldmh3.parsbet90.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861259/; classtype:trojan-activity;sid:84724359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861258)"; flow:established,from_client; content:"GET"; http_method; content:"/5b96c8b8-553e-4961-9ac2-19e7cb57ca41"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pbustxk.penalty.casino"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861258/; classtype:trojan-activity;sid:84724358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.55.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861257/; classtype:trojan-activity;sid:84724357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.13.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861256/; classtype:trojan-activity;sid:84724356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861255/; classtype:trojan-activity;sid:84724355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.38.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861254/; classtype:trojan-activity;sid:84724354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861253)"; flow:established,from_client; content:"GET"; http_method; content:"/voicatch/voicath/raw/refs/heads/main/macosx.zip.part2"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861253/; classtype:trojan-activity;sid:84724353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861252)"; flow:established,from_client; content:"GET"; http_method; content:"/voicatch/voicath/raw/refs/heads/main/macosx.zip.part1"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861252/; classtype:trojan-activity;sid:84724352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861251)"; flow:established,from_client; content:"GET"; http_method; content:"/voicatch/voicath/refs/heads/main/file.vbs"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861251/; classtype:trojan-activity;sid:84724351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861250)"; flow:established,from_client; content:"GET"; http_method; content:"/voicatch/voicath/raw/refs/heads/main/file.vbs"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861250/; classtype:trojan-activity;sid:84724350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861249)"; flow:established,from_client; content:"GET"; http_method; content:"/file/ssn2eg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"as.al"; http_host; depth:5; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861249/; classtype:trojan-activity;sid:84724349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861248)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c3ypqyioszuyr4eszuaplydvr2utpnlu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861248/; classtype:trojan-activity;sid:84724348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861247)"; flow:established,from_client; content:"GET"; http_method; content:"/807/img_222216.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861247/; classtype:trojan-activity;sid:84724347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861246)"; flow:established,from_client; content:"GET"; http_method; content:"/4e1583cb-671b-4768-9f39-b8f1906589d7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mybjuv.jamjahani.football"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861246/; classtype:trojan-activity;sid:84724346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861245)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.232.123.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861245/; classtype:trojan-activity;sid:84724345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861243)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.232.123.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861243/; classtype:trojan-activity;sid:84724343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861244)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14fkurqnz1ju1vngnvxdkrqlhpuuowloe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861244/; classtype:trojan-activity;sid:84724344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.55.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861242/; classtype:trojan-activity;sid:84724342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861241)"; flow:established,from_client; content:"GET"; http_method; content:"/9adfe7fa-3f43-4a7e-be03-899e3f5a3b4a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pbtgvx.pablobet90.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861241/; classtype:trojan-activity;sid:84724341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.196.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861240/; classtype:trojan-activity;sid:84724340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861239)"; flow:established,from_client; content:"GET"; http_method; content:"/cc2e6594-4590-49c7-b608-bff1d8bcd277"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"twvjaye.penalti.website"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861239/; classtype:trojan-activity;sid:84724339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861238)"; flow:established,from_client; content:"GET"; http_method; content:"/2fcb2b8c-ae9a-4163-afe8-65a0ff051b3a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"aencte.oxidbet.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861238/; classtype:trojan-activity;sid:84724338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861237)"; flow:established,from_client; content:"GET"; http_method; content:"/bbac5e20-ddbb-4b2a-a502-8341621c0f0f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zoasav.onlineshart.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861237/; classtype:trojan-activity;sid:84724337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.92.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861236/; classtype:trojan-activity;sid:84724336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.252.234.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861235/; classtype:trojan-activity;sid:84724335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.95.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861234/; classtype:trojan-activity;sid:84724334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.113.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861233/; classtype:trojan-activity;sid:84724333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.120.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861232/; classtype:trojan-activity;sid:84724332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.147.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861231/; classtype:trojan-activity;sid:84724331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.147.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861230/; classtype:trojan-activity;sid:84724330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.233.28.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861229/; classtype:trojan-activity;sid:84724329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.113.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861228/; classtype:trojan-activity;sid:84724328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.252.234.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861227/; classtype:trojan-activity;sid:84724327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861226)"; flow:established,from_client; content:"GET"; http_method; content:"/115ccc47-a990-4938-84e7-b00df6d6deaa"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zexrhdz.penaltibazi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861226/; classtype:trojan-activity;sid:84724326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.95.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861225/; classtype:trojan-activity;sid:84724325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.233.28.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861224/; classtype:trojan-activity;sid:84724324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.206.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861223/; classtype:trojan-activity;sid:84724323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.207.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861222/; classtype:trojan-activity;sid:84724322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.103.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861221/; classtype:trojan-activity;sid:84724321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861220/; classtype:trojan-activity;sid:84724320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861214)"; flow:established,from_client; content:"GET"; http_method; content:"/6a41da"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861214/; classtype:trojan-activity;sid:84724314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861215)"; flow:established,from_client; content:"GET"; http_method; content:"/5dd7bf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861215/; classtype:trojan-activity;sid:84724315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861216)"; flow:established,from_client; content:"GET"; http_method; content:"/2a30e9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861216/; classtype:trojan-activity;sid:84724316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861217)"; flow:established,from_client; content:"GET"; http_method; content:"/c2bd1d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861217/; classtype:trojan-activity;sid:84724317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861218)"; flow:established,from_client; content:"GET"; http_method; content:"/631474"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861218/; classtype:trojan-activity;sid:84724318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861219)"; flow:established,from_client; content:"GET"; http_method; content:"/928fd9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861219/; classtype:trojan-activity;sid:84724319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861209)"; flow:established,from_client; content:"GET"; http_method; content:"/36ff62"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861209/; classtype:trojan-activity;sid:84724309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861210)"; flow:established,from_client; content:"GET"; http_method; content:"/552589"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861210/; classtype:trojan-activity;sid:84724310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861211)"; flow:established,from_client; content:"GET"; http_method; content:"/91e87a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861211/; classtype:trojan-activity;sid:84724311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861212)"; flow:established,from_client; content:"GET"; http_method; content:"/2ebade"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861212/; classtype:trojan-activity;sid:84724312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861213)"; flow:established,from_client; content:"GET"; http_method; content:"/2e2e37"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861213/; classtype:trojan-activity;sid:84724313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861208)"; flow:established,from_client; content:"GET"; http_method; content:"/42ac6c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861208/; classtype:trojan-activity;sid:84724308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861207)"; flow:established,from_client; content:"GET"; http_method; content:"/626343"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861207/; classtype:trojan-activity;sid:84724307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861206)"; flow:established,from_client; content:"GET"; http_method; content:"/oxe"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861206/; classtype:trojan-activity;sid:84724306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861200)"; flow:established,from_client; content:"GET"; http_method; content:"/vvar"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861200/; classtype:trojan-activity;sid:84724300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861201)"; flow:established,from_client; content:"GET"; http_method; content:"/e14641"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861201/; classtype:trojan-activity;sid:84724301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861202)"; flow:established,from_client; content:"GET"; http_method; content:"/bkeo"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861202/; classtype:trojan-activity;sid:84724302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861203)"; flow:established,from_client; content:"GET"; http_method; content:"/zzk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861203/; classtype:trojan-activity;sid:84724303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861204)"; flow:established,from_client; content:"GET"; http_method; content:"/a8611e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861204/; classtype:trojan-activity;sid:84724304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861205)"; flow:established,from_client; content:"GET"; http_method; content:"/b1e187"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861205/; classtype:trojan-activity;sid:84724305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861199)"; flow:established,from_client; content:"GET"; http_method; content:"/ise4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861199/; classtype:trojan-activity;sid:84724299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861196)"; flow:established,from_client; content:"GET"; http_method; content:"/tcf"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861196/; classtype:trojan-activity;sid:84724296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861197)"; flow:established,from_client; content:"GET"; http_method; content:"/xzwb"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861197/; classtype:trojan-activity;sid:84724297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861198)"; flow:established,from_client; content:"GET"; http_method; content:"/vquq"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861198/; classtype:trojan-activity;sid:84724298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861190)"; flow:established,from_client; content:"GET"; http_method; content:"/cjz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861190/; classtype:trojan-activity;sid:84724290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861191)"; flow:established,from_client; content:"GET"; http_method; content:"/16466a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861191/; classtype:trojan-activity;sid:84724291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861192)"; flow:established,from_client; content:"GET"; http_method; content:"/5a1b70"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861192/; classtype:trojan-activity;sid:84724292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861193)"; flow:established,from_client; content:"GET"; http_method; content:"/7afd8f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861193/; classtype:trojan-activity;sid:84724293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861194)"; flow:established,from_client; content:"GET"; http_method; content:"/964d78"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861194/; classtype:trojan-activity;sid:84724294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861195)"; flow:established,from_client; content:"GET"; http_method; content:"/v4b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861195/; classtype:trojan-activity;sid:84724295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861174)"; flow:established,from_client; content:"GET"; http_method; content:"/gwe"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861174/; classtype:trojan-activity;sid:84724274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861175)"; flow:established,from_client; content:"GET"; http_method; content:"/uoc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861175/; classtype:trojan-activity;sid:84724275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861176)"; flow:established,from_client; content:"GET"; http_method; content:"/zhjh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861176/; classtype:trojan-activity;sid:84724276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861177)"; flow:established,from_client; content:"GET"; http_method; content:"/tpa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861177/; classtype:trojan-activity;sid:84724277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861178)"; flow:established,from_client; content:"GET"; http_method; content:"/celn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861178/; classtype:trojan-activity;sid:84724278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861179)"; flow:established,from_client; content:"GET"; http_method; content:"/6987"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861179/; classtype:trojan-activity;sid:84724279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861180)"; flow:established,from_client; content:"GET"; http_method; content:"/lqcy"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861180/; classtype:trojan-activity;sid:84724280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861181)"; flow:established,from_client; content:"GET"; http_method; content:"/hfq"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861181/; classtype:trojan-activity;sid:84724281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861182)"; flow:established,from_client; content:"GET"; http_method; content:"/guo"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861182/; classtype:trojan-activity;sid:84724282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861183)"; flow:established,from_client; content:"GET"; http_method; content:"/e0a338"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861183/; classtype:trojan-activity;sid:84724283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861184)"; flow:established,from_client; content:"GET"; http_method; content:"/qyb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861184/; classtype:trojan-activity;sid:84724284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861185)"; flow:established,from_client; content:"GET"; http_method; content:"/c25933"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861185/; classtype:trojan-activity;sid:84724285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861186)"; flow:established,from_client; content:"GET"; http_method; content:"/cab2e5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861186/; classtype:trojan-activity;sid:84724286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861187)"; flow:established,from_client; content:"GET"; http_method; content:"/297a79"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861187/; classtype:trojan-activity;sid:84724287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861188)"; flow:established,from_client; content:"GET"; http_method; content:"/ae418a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861188/; classtype:trojan-activity;sid:84724288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861189)"; flow:established,from_client; content:"GET"; http_method; content:"/0cd571"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861189/; classtype:trojan-activity;sid:84724289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861163)"; flow:established,from_client; content:"GET"; http_method; content:"/7f1fc5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861163/; classtype:trojan-activity;sid:84724263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861164)"; flow:established,from_client; content:"GET"; http_method; content:"/95d387"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861164/; classtype:trojan-activity;sid:84724264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861165)"; flow:established,from_client; content:"GET"; http_method; content:"/add984"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861165/; classtype:trojan-activity;sid:84724265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861166)"; flow:established,from_client; content:"GET"; http_method; content:"/d4a14f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861166/; classtype:trojan-activity;sid:84724266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861167)"; flow:established,from_client; content:"GET"; http_method; content:"/35754f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861167/; classtype:trojan-activity;sid:84724267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861168)"; flow:established,from_client; content:"GET"; http_method; content:"/5e939d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861168/; classtype:trojan-activity;sid:84724268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861169)"; flow:established,from_client; content:"GET"; http_method; content:"/64afa1"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861169/; classtype:trojan-activity;sid:84724269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861170)"; flow:established,from_client; content:"GET"; http_method; content:"/2d6571"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861170/; classtype:trojan-activity;sid:84724270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861171)"; flow:established,from_client; content:"GET"; http_method; content:"/544196"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861171/; classtype:trojan-activity;sid:84724271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861172)"; flow:established,from_client; content:"GET"; http_method; content:"/e1502e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861172/; classtype:trojan-activity;sid:84724272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861173)"; flow:established,from_client; content:"GET"; http_method; content:"/59iu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861173/; classtype:trojan-activity;sid:84724273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861159)"; flow:established,from_client; content:"GET"; http_method; content:"/qxxm"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861159/; classtype:trojan-activity;sid:84724259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861160)"; flow:established,from_client; content:"GET"; http_method; content:"/owby"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861160/; classtype:trojan-activity;sid:84724260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861161)"; flow:established,from_client; content:"GET"; http_method; content:"/e1b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861161/; classtype:trojan-activity;sid:84724261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861162)"; flow:established,from_client; content:"GET"; http_method; content:"/wbvp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861162/; classtype:trojan-activity;sid:84724262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861157)"; flow:established,from_client; content:"GET"; http_method; content:"/k"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.182.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861157/; classtype:trojan-activity;sid:84724257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861158)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.151.182.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861158/; classtype:trojan-activity;sid:84724258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861156)"; flow:established,from_client; content:"GET"; http_method; content:"/images/loner.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"delte-mobrey.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861156/; classtype:trojan-activity;sid:84724256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861155)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"83.142.209.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861155/; classtype:trojan-activity;sid:84724255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861147/; classtype:trojan-activity;sid:84724247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861148/; classtype:trojan-activity;sid:84724248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861149)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861149/; classtype:trojan-activity;sid:84724249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861150)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861150/; classtype:trojan-activity;sid:84724250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861151)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861151/; classtype:trojan-activity;sid:84724251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861152)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861152/; classtype:trojan-activity;sid:84724252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.103.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861153/; classtype:trojan-activity;sid:84724253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861154)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/dbg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861154/; classtype:trojan-activity;sid:84724254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861142/; classtype:trojan-activity;sid:84724242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861143/; classtype:trojan-activity;sid:84724243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861144/; classtype:trojan-activity;sid:84724244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861145)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861145/; classtype:trojan-activity;sid:84724245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861146)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861146/; classtype:trojan-activity;sid:84724246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861141/; classtype:trojan-activity;sid:84724241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"64.89.161.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861140/; classtype:trojan-activity;sid:84724240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861139/; classtype:trojan-activity;sid:84724239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861137/; classtype:trojan-activity;sid:84724237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"64.89.161.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861138/; classtype:trojan-activity;sid:84724238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861136/; classtype:trojan-activity;sid:84724236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.89.161.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861135/; classtype:trojan-activity;sid:84724235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861134/; classtype:trojan-activity;sid:84724234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861133/; classtype:trojan-activity;sid:84724233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861132)"; flow:established,from_client; content:"GET"; http_method; content:"/68e88e56-2bf0-44c0-bcc7-a67c7f67fbe5"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ikbnssq.persian.sex"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861132/; classtype:trojan-activity;sid:84724232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861131)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=1356cba2-f652-4725-9bbd-7613eb73acad"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"0fqk0ho2.mrbet90.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861131/; classtype:trojan-activity;sid:84724231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861130)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.118.132.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861130/; classtype:trojan-activity;sid:84724230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861129/; classtype:trojan-activity;sid:84724229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861128)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8276bb73-9f2b-436a-b772-ddd75e62ab36"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"t748i6is.volleyball.vip"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861128/; classtype:trojan-activity;sid:84724228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861127)"; flow:established,from_client; content:"GET"; http_method; content:"/f040cfda-acbd-4736-82ca-703afe65cb48"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zebswzz.one1xbet.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861127/; classtype:trojan-activity;sid:84724227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.71.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861126/; classtype:trojan-activity;sid:84724226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.54.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861125/; classtype:trojan-activity;sid:84724225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861124/; classtype:trojan-activity;sid:84724224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.125.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861123/; classtype:trojan-activity;sid:84724223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861122)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.95.11.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861122/; classtype:trojan-activity;sid:84724222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861121)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.95.11.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861121/; classtype:trojan-activity;sid:84724221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861120)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"202.95.11.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861120/; classtype:trojan-activity;sid:84724220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861119)"; flow:established,from_client; content:"GET"; http_method; content:"/2a12a36d-9fe6-4c21-b683-f561b77eaf4c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"flnntj.persianabet.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861119/; classtype:trojan-activity;sid:84724219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.205.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861118/; classtype:trojan-activity;sid:84724218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.83.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861117/; classtype:trojan-activity;sid:84724217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861116)"; flow:established,from_client; content:"GET"; http_method; content:"/66115c0a-2dbf-43d6-bceb-042fb60a3663"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"idwpuur.ninjafruitcubes.bet"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861116/; classtype:trojan-activity;sid:84724216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861115)"; flow:established,from_client; content:"GET"; http_method; content:"/4ea72eeb-793c-4d36-b9ef-a5056a389cb8"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hfgzvf.perfectgameiran.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861115/; classtype:trojan-activity;sid:84724215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861114)"; flow:established,from_client; content:"GET"; http_method; content:"/bb3e3aa2-ba39-4e8e-81e6-de566f08faf7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"syheuby.mangobetfarsi.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861114/; classtype:trojan-activity;sid:84724214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.238.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861113/; classtype:trojan-activity;sid:84724213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861112/; classtype:trojan-activity;sid:84724212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.75.14.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861111/; classtype:trojan-activity;sid:84724211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861110/; classtype:trojan-activity;sid:84724210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.238.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861109/; classtype:trojan-activity;sid:84724209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861108)"; flow:established,from_client; content:"GET"; http_method; content:"/imagey973.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861108/; classtype:trojan-activity;sid:84724208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861107)"; flow:established,from_client; content:"GET"; http_method; content:"/speachhouse.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861107/; classtype:trojan-activity;sid:84724207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861106)"; flow:established,from_client; content:"GET"; http_method; content:"/imageps293.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861106/; classtype:trojan-activity;sid:84724206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861100)"; flow:established,from_client; content:"GET"; http_method; content:"/clientmmmmmmmmmm.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861100/; classtype:trojan-activity;sid:84724200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861101)"; flow:established,from_client; content:"GET"; http_method; content:"/imageiiiii88.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861101/; classtype:trojan-activity;sid:84724201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861102)"; flow:established,from_client; content:"GET"; http_method; content:"/imagenyueteuppol45.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861102/; classtype:trojan-activity;sid:84724202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861103)"; flow:established,from_client; content:"GET"; http_method; content:"/sallah.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861103/; classtype:trojan-activity;sid:84724203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861104)"; flow:established,from_client; content:"GET"; http_method; content:"/clientmay.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861104/; classtype:trojan-activity;sid:84724204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861105)"; flow:established,from_client; content:"GET"; http_method; content:"/67890.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861105/; classtype:trojan-activity;sid:84724205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861099)"; flow:established,from_client; content:"GET"; http_method; content:"/imageqqqqqq111.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861099/; classtype:trojan-activity;sid:84724199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861096)"; flow:established,from_client; content:"GET"; http_method; content:"/ijklmnopqrxtu.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861096/; classtype:trojan-activity;sid:84724196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861097)"; flow:established,from_client; content:"GET"; http_method; content:"/imagelouyytr09009.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861097/; classtype:trojan-activity;sid:84724197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861098)"; flow:established,from_client; content:"GET"; http_method; content:"/imagethur3.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861098/; classtype:trojan-activity;sid:84724198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861094)"; flow:established,from_client; content:"GET"; http_method; content:"/0982.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861094/; classtype:trojan-activity;sid:84724194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861095)"; flow:established,from_client; content:"GET"; http_method; content:"/clientmmmmiiii.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861095/; classtype:trojan-activity;sid:84724195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861087)"; flow:established,from_client; content:"GET"; http_method; content:"/kkkkkkkksieopelloptrf.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861087/; classtype:trojan-activity;sid:84724187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861088)"; flow:established,from_client; content:"GET"; http_method; content:"/imagevvvvvv980.png"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861088/; classtype:trojan-activity;sid:84724188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861089)"; flow:established,from_client; content:"GET"; http_method; content:"/sddilo.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861089/; classtype:trojan-activity;sid:84724189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861090)"; flow:established,from_client; content:"GET"; http_method; content:"/imagelophg09876.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861090/; classtype:trojan-activity;sid:84724190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861091)"; flow:established,from_client; content:"GET"; http_method; content:"/venumol0985.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861091/; classtype:trojan-activity;sid:84724191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861092)"; flow:established,from_client; content:"GET"; http_method; content:"/123456789.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861092/; classtype:trojan-activity;sid:84724192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861093)"; flow:established,from_client; content:"GET"; http_method; content:"/image445.png"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"everycarebd.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861093/; classtype:trojan-activity;sid:84724193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861086)"; flow:established,from_client; content:"GET"; http_method; content:"/e21aca47-59ac-437a-a23f-f0fc4160d501"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"qcqsin.yasbet90.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861086/; classtype:trojan-activity;sid:84724186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861085)"; flow:established,from_client; content:"GET"; http_method; content:"/779f2e95-ee00-4fbe-8b49-4e80c5c74cc4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vvpfsda.pasoor11.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861085/; classtype:trojan-activity;sid:84724185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861084)"; flow:established,from_client; content:"GET"; http_method; content:"/2222.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861084/; classtype:trojan-activity;sid:84724184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.176.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861083/; classtype:trojan-activity;sid:84724183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861082)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.176.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861082/; classtype:trojan-activity;sid:84724182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861081)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=efc0003a-2c59-4502-ac39-96e3ff533e46"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"e20yl90d.parsgoal90.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861081/; classtype:trojan-activity;sid:84724181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861080)"; flow:established,from_client; content:"GET"; http_method; content:"/4a60ef59-fce6-4a92-bab6-3049e1d95698"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zjuflao.pasur21.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861080/; classtype:trojan-activity;sid:84724180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.80.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861079/; classtype:trojan-activity;sid:84724179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.147.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861078/; classtype:trojan-activity;sid:84724178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.141.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861077/; classtype:trojan-activity;sid:84724177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.236.74.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861076/; classtype:trojan-activity;sid:84724176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.255.251.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861075/; classtype:trojan-activity;sid:84724175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.99.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861074/; classtype:trojan-activity;sid:84724174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.99.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861073/; classtype:trojan-activity;sid:84724173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.141.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861072/; classtype:trojan-activity;sid:84724172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861071/; classtype:trojan-activity;sid:84724171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.236.74.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861070/; classtype:trojan-activity;sid:84724170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861068)"; flow:established,from_client; content:"GET"; http_method; content:"/snaxh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.rywh1405.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861068/; classtype:trojan-activity;sid:84724168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861069)"; flow:established,from_client; content:"GET"; http_method; content:"/ugfsa"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"www.rywh1405.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861069/; classtype:trojan-activity;sid:84724169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861066)"; flow:established,from_client; content:"GET"; http_method; content:"/ohyrjyb7.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.29.9.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861066/; classtype:trojan-activity;sid:84724166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861067)"; flow:established,from_client; content:"GET"; http_method; content:"/jyqun174.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.29.9.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861067/; classtype:trojan-activity;sid:84724167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861061)"; flow:established,from_client; content:"GET"; http_method; content:"/caywoyq34.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.29.9.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861061/; classtype:trojan-activity;sid:84724161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861062)"; flow:established,from_client; content:"GET"; http_method; content:"/ctbqk122.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.29.9.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861062/; classtype:trojan-activity;sid:84724162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861063)"; flow:established,from_client; content:"GET"; http_method; content:"/ikaxsijy190.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.29.9.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861063/; classtype:trojan-activity;sid:84724163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861064)"; flow:established,from_client; content:"GET"; http_method; content:"/vvlumcuutxuzaymyt104.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.29.9.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861064/; classtype:trojan-activity;sid:84724164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861065)"; flow:established,from_client; content:"GET"; http_method; content:"/kkostvstem/dwbfxgkfgvicjs220.bin"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"queendent.hu"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861065/; classtype:trojan-activity;sid:84724165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861059)"; flow:established,from_client; content:"GET"; http_method; content:"/curl/05523c8231cb3b01d6554123a1c994aa09ef6c8e4e0804d3ae8bfaa028aa0db9"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"maplecirrus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861059/; classtype:trojan-activity;sid:84724159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861060)"; flow:established,from_client; content:"GET"; http_method; content:"/curl/*"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"maplecirrus.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861060/; classtype:trojan-activity;sid:84724160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.53.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861058/; classtype:trojan-activity;sid:84724158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.248.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861057/; classtype:trojan-activity;sid:84724157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.227.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861056/; classtype:trojan-activity;sid:84724156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.249.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861055/; classtype:trojan-activity;sid:84724155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861054)"; flow:established,from_client; content:"GET"; http_method; content:"/4cbe007e-adef-4c6a-b021-3ecce9e89451"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fporlgd.penality.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861054/; classtype:trojan-activity;sid:84724154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.212.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861053/; classtype:trojan-activity;sid:84724153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.12.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861052/; classtype:trojan-activity;sid:84724152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861051/; classtype:trojan-activity;sid:84724151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861050/; classtype:trojan-activity;sid:84724150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.244.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861049/; classtype:trojan-activity;sid:84724149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.74.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861048/; classtype:trojan-activity;sid:84724148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.182.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861047/; classtype:trojan-activity;sid:84724147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861046)"; flow:established,from_client; content:"GET"; http_method; content:"/a0d634ec-ba2f-4f72-bfbb-6fdc6d606539"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"vdchddh.penaltibazi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861046/; classtype:trojan-activity;sid:84724146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.225.163.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861045/; classtype:trojan-activity;sid:84724145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861042)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861042/; classtype:trojan-activity;sid:84724142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861043)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861043/; classtype:trojan-activity;sid:84724143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861044)"; flow:established,from_client; content:"GET"; http_method; content:"/2023"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.92.48.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861044/; classtype:trojan-activity;sid:84724144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.212.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861041/; classtype:trojan-activity;sid:84724141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.165.71.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861040/; classtype:trojan-activity;sid:84724140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861039)"; flow:established,from_client; content:"GET"; http_method; content:"/9252ba41-d395-42e4-af91-93fb55481368"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xhfecr.jamjahani2026.football"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861039/; classtype:trojan-activity;sid:84724139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.27.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861038/; classtype:trojan-activity;sid:84724138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861037)"; flow:established,from_client; content:"GET"; http_method; content:"/cc99dc58-2285-457d-b424-d8d8b49426d4"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jwfckz.onlineshart.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861037/; classtype:trojan-activity;sid:84724137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861036)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.220.66.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861036/; classtype:trojan-activity;sid:84724136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.59.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861035/; classtype:trojan-activity;sid:84724135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.182.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861034/; classtype:trojan-activity;sid:84724134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861033)"; flow:established,from_client; content:"GET"; http_method; content:"/807/greatnessideadsbeomcebestthingsforme.hta"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861033/; classtype:trojan-activity;sid:84724133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861030)"; flow:established,from_client; content:"GET"; http_method; content:"/807/vzt_222216.cat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861030/; classtype:trojan-activity;sid:84724130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861031)"; flow:established,from_client; content:"GET"; http_method; content:"/httpswww.pcmag.compicksthe-best-cloud-storage-and-file-sharing-servicestest_uuid=05zuputsjijl9et37twfqcl|7c|26|7c|test_variant=aos.php"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"107.173.9.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861031/; classtype:trojan-activity;sid:84724131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861032)"; flow:established,from_client; content:"GET"; http_method; content:"/520ee948-b1eb-48fe-a5c0-2cc2cce6661e"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"oczvda.oxidbet.bet"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861032/; classtype:trojan-activity;sid:84724132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.165.71.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861029/; classtype:trojan-activity;sid:84724129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861027)"; flow:established,from_client; content:"GET"; http_method; content:"/ba38d225-c05c-4c9b-bf1c-7c46250643c2"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"jjgnawd.penalti.website"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861027/; classtype:trojan-activity;sid:84724127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861028)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=8a52ab47-39f1-4faf-819f-b54cd115ac56"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"te3znaut.parspoker90.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861028/; classtype:trojan-activity;sid:84724128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861026)"; flow:established,from_client; content:"GET"; http_method; content:"/fcf63cb7-ac1e-4788-ae35-e523551b6180"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hknnbq.pablobet90.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861026/; classtype:trojan-activity;sid:84724126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.59.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861025/; classtype:trojan-activity;sid:84724125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.75.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861024/; classtype:trojan-activity;sid:84724124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861023)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861023/; classtype:trojan-activity;sid:84724123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.117.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861022/; classtype:trojan-activity;sid:84724122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.30.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861021/; classtype:trojan-activity;sid:84724121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.190.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861020/; classtype:trojan-activity;sid:84724120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.252.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861019/; classtype:trojan-activity;sid:84724119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.194.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861018/; classtype:trojan-activity;sid:84724118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.190.134.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861017/; classtype:trojan-activity;sid:84724117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.194.227.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861016/; classtype:trojan-activity;sid:84724116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.196.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861015/; classtype:trojan-activity;sid:84724115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.252.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861014/; classtype:trojan-activity;sid:84724114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861012/; classtype:trojan-activity;sid:84724112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.143.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861013/; classtype:trojan-activity;sid:84724113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.147.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861011/; classtype:trojan-activity;sid:84724111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.30.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861010/; classtype:trojan-activity;sid:84724110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.233.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861009/; classtype:trojan-activity;sid:84724109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.205.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861007/; classtype:trojan-activity;sid:84724107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861008)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=920cb201-2ae4-4839-b5d0-6fb4fbaa05e9"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"h0t75jy5.betgopro.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861008/; classtype:trojan-activity;sid:84724108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.196.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861006/; classtype:trojan-activity;sid:84724106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.53.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861005/; classtype:trojan-activity;sid:84724105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861004)"; flow:established,from_client; content:"GET"; http_method; content:"/ebe30608-c8df-49ff-8bfd-ec2809737296"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zrqkapj.one1x.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861004/; classtype:trojan-activity;sid:84724104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.28.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861003/; classtype:trojan-activity;sid:84724103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.121.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861002/; classtype:trojan-activity;sid:84724102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861001)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.205.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861001/; classtype:trojan-activity;sid:84724101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3861000)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.121.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3861000/; classtype:trojan-activity;sid:84724100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.162.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860999/; classtype:trojan-activity;sid:84724099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.123.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860998/; classtype:trojan-activity;sid:84724098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.93.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860997/; classtype:trojan-activity;sid:84724097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.233.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860996/; classtype:trojan-activity;sid:84724096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860995)"; flow:established,from_client; content:"GET"; http_method; content:"/453fd1b9-97d7-4d99-b058-671b586b5f0f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"fhvteyb.kbshavanese.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860995/; classtype:trojan-activity;sid:84724095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.162.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860994/; classtype:trojan-activity;sid:84724094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.41.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860993/; classtype:trojan-activity;sid:84724093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860992)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"112.213.121.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860992/; classtype:trojan-activity;sid:84724092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860991)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860991/; classtype:trojan-activity;sid:84724091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860990)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860990/; classtype:trojan-activity;sid:84724090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860989)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860989/; classtype:trojan-activity;sid:84724089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860980)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860980/; classtype:trojan-activity;sid:84724080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860981)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860981/; classtype:trojan-activity;sid:84724081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860982)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860982/; classtype:trojan-activity;sid:84724082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860983)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860983/; classtype:trojan-activity;sid:84724083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860984)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860984/; classtype:trojan-activity;sid:84724084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860985)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860985/; classtype:trojan-activity;sid:84724085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860986)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860986/; classtype:trojan-activity;sid:84724086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860987)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860987/; classtype:trojan-activity;sid:84724087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860988)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.76.198.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860988/; classtype:trojan-activity;sid:84724088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860979)"; flow:established,from_client; content:"GET"; http_method; content:"/aa7caee1-668a-417e-9ecf-529cfdd77aa9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cebsrg.jamjahani.football"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860979/; classtype:trojan-activity;sid:84724079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.34.109.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860978/; classtype:trojan-activity;sid:84724078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.123.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860977/; classtype:trojan-activity;sid:84724077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860976)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=c15e84fb-3a94-463e-81db-dc92976775a8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"gwu729hw.parspoker.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860976/; classtype:trojan-activity;sid:84724076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860975)"; flow:established,from_client; content:"GET"; http_method; content:"/ef24e2b2-6a69-4827-a2c8-1ecd9345b556"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hjwaxur.kvbel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860975/; classtype:trojan-activity;sid:84724075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860973)"; flow:established,from_client; content:"GET"; http_method; content:"/nc64.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.98.10.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860973/; classtype:trojan-activity;sid:84724073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860974)"; flow:established,from_client; content:"GET"; http_method; content:"/printspoofer64.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"141.98.10.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860974/; classtype:trojan-activity;sid:84724074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.225.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860972/; classtype:trojan-activity;sid:84724072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.0.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860971/; classtype:trojan-activity;sid:84724071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860970)"; flow:established,from_client; content:"GET"; http_method; content:"/df026e27-a7a1-4d3f-b289-e42b25ed4c1c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"inmjycz.olabahiskayit.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860970/; classtype:trojan-activity;sid:84724070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.168.0.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860969/; classtype:trojan-activity;sid:84724069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.225.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860968/; classtype:trojan-activity;sid:84724068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860967)"; flow:established,from_client; content:"GET"; http_method; content:"/favour1.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860967/; classtype:trojan-activity;sid:84724067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860966)"; flow:established,from_client; content:"GET"; http_method; content:"/bfc31803-6e1c-4ce6-a99f-44c75d4c0e0c"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"rykwhjt.winsportiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860966/; classtype:trojan-activity;sid:84724066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860965)"; flow:established,from_client; content:"GET"; http_method; content:"/doppee12.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vrdccbank.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860965/; classtype:trojan-activity;sid:84724065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860964)"; flow:established,from_client; content:"GET"; http_method; content:"/b40ac294-23e4-4e6a-a8de-1be679dcd172"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"tviyhdt.winstone.casino"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860964/; classtype:trojan-activity;sid:84724064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.39.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860963/; classtype:trojan-activity;sid:84724063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"108.168.0.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860962/; classtype:trojan-activity;sid:84724062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.14.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860961/; classtype:trojan-activity;sid:84724061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860960)"; flow:established,from_client; content:"GET"; http_method; content:"/zhcahnmc228.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860960/; classtype:trojan-activity;sid:84724060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.194.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860959/; classtype:trojan-activity;sid:84724059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860951)"; flow:established,from_client; content:"GET"; http_method; content:"/ndgivqaajmmygnygnplcip95.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860951/; classtype:trojan-activity;sid:84724051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860952)"; flow:established,from_client; content:"GET"; http_method; content:"/jnyxvlparpmw60.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860952/; classtype:trojan-activity;sid:84724052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860953)"; flow:established,from_client; content:"GET"; http_method; content:"/wjtftsa232.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860953/; classtype:trojan-activity;sid:84724053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860954)"; flow:established,from_client; content:"GET"; http_method; content:"/rqpff187.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860954/; classtype:trojan-activity;sid:84724054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860955)"; flow:established,from_client; content:"GET"; http_method; content:"/thjlitbridckzzo222.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860955/; classtype:trojan-activity;sid:84724055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860956)"; flow:established,from_client; content:"GET"; http_method; content:"/ctrqllfxs160.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860956/; classtype:trojan-activity;sid:84724056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860957)"; flow:established,from_client; content:"GET"; http_method; content:"/disiorfsknbvqpxjgo26.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860957/; classtype:trojan-activity;sid:84724057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860958)"; flow:established,from_client; content:"GET"; http_method; content:"/mrbhdjjpcoenooa195.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860958/; classtype:trojan-activity;sid:84724058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860950)"; flow:established,from_client; content:"GET"; http_method; content:"/jgjcsqlth184.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"185.29.10.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860950/; classtype:trojan-activity;sid:84724050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860949)"; flow:established,from_client; content:"GET"; http_method; content:"/download/direct/baa0ac54-9c64-452e-88bb-a04605b8661a/pressvoice.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"store-eu-par-3.gofile.io"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860949/; classtype:trojan-activity;sid:84724049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860948/; classtype:trojan-activity;sid:84724048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.0.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860947/; classtype:trojan-activity;sid:84724047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860946)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"38.76.210.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860946/; classtype:trojan-activity;sid:84724046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.39.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860945/; classtype:trojan-activity;sid:84724045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860944)"; flow:established,from_client; content:"GET"; http_method; content:"/8763c313-35b0-4c78-95e5-df131c5a0d33"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"mpozwop.winxbet.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860944/; classtype:trojan-activity;sid:84724044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.247.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860943/; classtype:trojan-activity;sid:84724043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860942)"; flow:established,from_client; content:"GET"; http_method; content:"/f160ba90-fb05-4bee-bd55-63470f0efe0d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"xzelng.jamjahani.cash"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860942/; classtype:trojan-activity;sid:84724042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.247.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860941/; classtype:trojan-activity;sid:84724041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.198.242.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860940/; classtype:trojan-activity;sid:84724040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860939)"; flow:established,from_client; content:"GET"; http_method; content:"/b39422c8-1821-4984-b46b-0c9c843a9ddc"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"yynpur.perfectgame.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860939/; classtype:trojan-activity;sid:84724039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.114.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860938/; classtype:trojan-activity;sid:84724038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860937/; classtype:trojan-activity;sid:84724037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860936)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"156.238.236.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860936/; classtype:trojan-activity;sid:84724036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860935)"; flow:established,from_client; content:"GET"; http_method; content:"/fb82f5d8-cce7-40fc-8896-e8b203ed6459"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ebwgtb.vezaratshart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860935/; classtype:trojan-activity;sid:84724035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860934)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=d790b449-8936-4e40-ba1c-a74795a3adb5"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"5dwz6wj9.yekbetiran.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860934/; classtype:trojan-activity;sid:84724034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.236.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860933/; classtype:trojan-activity;sid:84724033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.101.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860932/; classtype:trojan-activity;sid:84724032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.177.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860931/; classtype:trojan-activity;sid:84724031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860930)"; flow:established,from_client; content:"GET"; http_method; content:"/2bd8ac"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.12.31.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860930/; classtype:trojan-activity;sid:84724030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.19.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860929/; classtype:trojan-activity;sid:84724029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860928)"; flow:established,from_client; content:"GET"; http_method; content:"/327a6d36-331b-491c-bd15-a5f8dad3c2f0"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"anpysts.yasbetapp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860928/; classtype:trojan-activity;sid:84724028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.89.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860927/; classtype:trojan-activity;sid:84724027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860926/; classtype:trojan-activity;sid:84724026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.34.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860925/; classtype:trojan-activity;sid:84724025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.232.137.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860924/; classtype:trojan-activity;sid:84724024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.198.242.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860923/; classtype:trojan-activity;sid:84724023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.106.225.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860922/; classtype:trojan-activity;sid:84724022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.90.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860921/; classtype:trojan-activity;sid:84724021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860920/; classtype:trojan-activity;sid:84724020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860919)"; flow:established,from_client; content:"GET"; http_method; content:"/birdsknocked/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860919/; classtype:trojan-activity;sid:84724019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860918)"; flow:established,from_client; content:"GET"; http_method; content:"/rovingrandy/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860918/; classtype:trojan-activity;sid:84724018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.89.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860917/; classtype:trojan-activity;sid:84724017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860914)"; flow:established,from_client; content:"GET"; http_method; content:"/tulipscalling"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860914/; classtype:trojan-activity;sid:84724014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860915)"; flow:established,from_client; content:"GET"; http_method; content:"/centraltippin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860915/; classtype:trojan-activity;sid:84724015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860916)"; flow:established,from_client; content:"GET"; http_method; content:"/seymourleagues"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860916/; classtype:trojan-activity;sid:84724016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860913)"; flow:established,from_client; content:"GET"; http_method; content:"/arlendenial"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860913/; classtype:trojan-activity;sid:84724013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860912)"; flow:established,from_client; content:"GET"; http_method; content:"/javiergigolo"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860912/; classtype:trojan-activity;sid:84724012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860910)"; flow:established,from_client; content:"GET"; http_method; content:"/apartairways"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860910/; classtype:trojan-activity;sid:84724010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860911)"; flow:established,from_client; content:"GET"; http_method; content:"/citationcallers"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"paste.sensio.no"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860911/; classtype:trojan-activity;sid:84724011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860908)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/ikcdoaf.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.websenorllc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860908/; classtype:trojan-activity;sid:84724008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860909)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/jrdpkhg.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.websenorllc.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860909/; classtype:trojan-activity;sid:84724009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.13.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860907/; classtype:trojan-activity;sid:84724007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860902)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv7l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860902/; classtype:trojan-activity;sid:84724002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.powerpc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860903/; classtype:trojan-activity;sid:84724003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860904)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860904/; classtype:trojan-activity;sid:84724004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860905/; classtype:trojan-activity;sid:84724005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.34.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860906/; classtype:trojan-activity;sid:84724006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860895)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.mipsel"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860895/; classtype:trojan-activity;sid:84723995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv4l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860896/; classtype:trojan-activity;sid:84723996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860897)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.i586"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860897/; classtype:trojan-activity;sid:84723997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860898)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860898/; classtype:trojan-activity;sid:84723998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv6l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860899/; classtype:trojan-activity;sid:84723999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860900)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860900/; classtype:trojan-activity;sid:84724000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860901)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/nova.armv5l"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"104.248.192.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860901/; classtype:trojan-activity;sid:84724001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.177.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860894/; classtype:trojan-activity;sid:84723994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.101.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860893/; classtype:trojan-activity;sid:84723993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860892)"; flow:established,from_client; content:"GET"; http_method; content:"/f8a0a06c-b359-4a38-a34f-b1a4942dfaed"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cqvdiki.xenicalby6.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860892/; classtype:trojan-activity;sid:84723992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860891)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.189.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860891/; classtype:trojan-activity;sid:84723991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.202.186.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860890/; classtype:trojan-activity;sid:84723990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.226.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860889/; classtype:trojan-activity;sid:84723989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860888)"; flow:established,from_client; content:"GET"; http_method; content:"/nova.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nova.ismak.icu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860888/; classtype:trojan-activity;sid:84723988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860887)"; flow:established,from_client; content:"GET"; http_method; content:"/fdclient.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860887/; classtype:trojan-activity;sid:84723987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.202.186.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860886/; classtype:trojan-activity;sid:84723986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860885/; classtype:trojan-activity;sid:84723985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.41.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860884/; classtype:trojan-activity;sid:84723984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.114.220.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860883/; classtype:trojan-activity;sid:84723983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.215.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860882/; classtype:trojan-activity;sid:84723982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.250.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860881/; classtype:trojan-activity;sid:84723981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860880)"; flow:established,from_client; content:"GET"; http_method; content:"/f8ce4e3e-a8cf-4723-875c-930418324c25"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pmhaqci.x50wheel.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860880/; classtype:trojan-activity;sid:84723980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.86.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860879/; classtype:trojan-activity;sid:84723979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.189.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860878/; classtype:trojan-activity;sid:84723978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860877)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=755318a6-5499-445f-9fe5-6675faf460aa"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"qll4p9fw.one1xiran.bet"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860877/; classtype:trojan-activity;sid:84723977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860876)"; flow:established,from_client; content:"GET"; http_method; content:"/error84"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.224.92.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860876/; classtype:trojan-activity;sid:84723976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860874)"; flow:established,from_client; content:"GET"; http_method; content:"/check1.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.224.92.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860874/; classtype:trojan-activity;sid:84723974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860875)"; flow:established,from_client; content:"GET"; http_method; content:"/syst3md"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.224.92.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860875/; classtype:trojan-activity;sid:84723975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860873)"; flow:established,from_client; content:"GET"; http_method; content:"/check.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.224.92.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860873/; classtype:trojan-activity;sid:84723973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860869)"; flow:established,from_client; content:"GET"; http_method; content:"/mnza"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860869/; classtype:trojan-activity;sid:84723969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860870)"; flow:established,from_client; content:"GET"; http_method; content:"/z9di"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860870/; classtype:trojan-activity;sid:84723970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860871)"; flow:established,from_client; content:"GET"; http_method; content:"/c3p"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860871/; classtype:trojan-activity;sid:84723971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860872)"; flow:established,from_client; content:"GET"; http_method; content:"/jo6"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860872/; classtype:trojan-activity;sid:84723972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860864)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860864/; classtype:trojan-activity;sid:84723964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860865)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860865/; classtype:trojan-activity;sid:84723965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860866)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860866/; classtype:trojan-activity;sid:84723966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860867)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i468"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860867/; classtype:trojan-activity;sid:84723967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860868)"; flow:established,from_client; content:"GET"; http_method; content:"/2ke2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860868/; classtype:trojan-activity;sid:84723968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.242.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860863/; classtype:trojan-activity;sid:84723963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860862)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.97.178.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860862/; classtype:trojan-activity;sid:84723962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860861)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"114.134.189.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860861/; classtype:trojan-activity;sid:84723961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860860/; classtype:trojan-activity;sid:84723960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860859)"; flow:established,from_client; content:"GET"; http_method; content:"/a66d38ec-111e-439f-be44-702e7b6fc426"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zlyupbm.wrfc8.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860859/; classtype:trojan-activity;sid:84723959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.89.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860858/; classtype:trojan-activity;sid:84723958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860857)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=49c7479b-ac01-4b5a-8b3c-9784a7fa0ca8"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"9t9m7lad.yektbet.bet"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860857/; classtype:trojan-activity;sid:84723957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860856)"; flow:established,from_client; content:"GET"; http_method; content:"/4233e820-508a-4eda-8622-45b207847d67"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bikldg.volleyball.bet"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860856/; classtype:trojan-activity;sid:84723956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.239.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860855/; classtype:trojan-activity;sid:84723955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.236.168.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860854/; classtype:trojan-activity;sid:84723954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860852)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/iwr9otg.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.107.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860852/; classtype:trojan-activity;sid:84723952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860853)"; flow:established,from_client; content:"GET"; http_method; content:"/public_files/mldeqtd.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"196.251.107.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860853/; classtype:trojan-activity;sid:84723953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860851)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-json/gravitysmtp/v1/tests/mock-d"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"68.183.58.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860851/; classtype:trojan-activity;sid:84723951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860850)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.87.112.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860850/; classtype:trojan-activity;sid:84723950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860849)"; flow:established,from_client; content:"GET"; http_method; content:"/25a10e4e-ca91-4819-a577-49d1b3e4bde3"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zqzlac.vezaratshart.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860849/; classtype:trojan-activity;sid:84723949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.25.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860847/; classtype:trojan-activity;sid:84723947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.89.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860848/; classtype:trojan-activity;sid:84723948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.123.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860846/; classtype:trojan-activity;sid:84723946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.150.70.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860845/; classtype:trojan-activity;sid:84723945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860844)"; flow:established,from_client; content:"GET"; http_method; content:"/28e07abc-18fc-42be-a874-ac07ad14f629"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"sesksz.venusbet90.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860844/; classtype:trojan-activity;sid:84723944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860843)"; flow:established,from_client; content:"GET"; http_method; content:"/a639e48b-90ff-4592-93fe-686c715df357"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ylljjmv.wolfenm.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860843/; classtype:trojan-activity;sid:84723943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860842)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.236.168.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860842/; classtype:trojan-activity;sid:84723942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860841)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"205.185.114.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860841/; classtype:trojan-activity;sid:84723941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.159.34.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860840/; classtype:trojan-activity;sid:84723940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860839/; classtype:trojan-activity;sid:84723939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860838/; classtype:trojan-activity;sid:84723938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.123.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860837/; classtype:trojan-activity;sid:84723937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.86.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860836/; classtype:trojan-activity;sid:84723936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860835)"; flow:established,from_client; content:"GET"; http_method; content:"/2f2fd5e2-d621-481c-a9d7-cbb31967c036"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bzwbfps.winxbet.co"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860835/; classtype:trojan-activity;sid:84723935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.177.11.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860834/; classtype:trojan-activity;sid:84723934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860833)"; flow:established,from_client; content:"GET"; http_method; content:"/check1.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"62.60.130.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860833/; classtype:trojan-activity;sid:84723933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860832)"; flow:established,from_client; content:"GET"; http_method; content:"/check.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.130.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860832/; classtype:trojan-activity;sid:84723932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.150.70.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860831/; classtype:trojan-activity;sid:84723931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860830)"; flow:established,from_client; content:"GET"; http_method; content:"/c0bd7510-5047-4056-b382-60b3f7cc19de"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"gysxrbg.winstone.casino"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860830/; classtype:trojan-activity;sid:84723930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860829)"; flow:established,from_client; content:"GET"; http_method; content:"/5806825b-0c73-4276-a831-a9388a5d29d7"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pqxlboc.winsportiran.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860829/; classtype:trojan-activity;sid:84723929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860828)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"205.185.114.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860828/; classtype:trojan-activity;sid:84723928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.116.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860827/; classtype:trojan-activity;sid:84723927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860826)"; flow:established,from_client; content:"GET"; http_method; content:"/b2f628/b.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.141.60.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860826/; classtype:trojan-activity;sid:84723926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860825)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"205.185.125.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860825/; classtype:trojan-activity;sid:84723925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860824)"; flow:established,from_client; content:"GET"; http_method; content:"/b.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.60.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860824/; classtype:trojan-activity;sid:84723924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860823)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.60.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860823/; classtype:trojan-activity;sid:84723923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860822)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.60.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860822/; classtype:trojan-activity;sid:84723922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860821)"; flow:established,from_client; content:"GET"; http_method; content:"/h.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.60.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860821/; classtype:trojan-activity;sid:84723921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860820)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=34e9265a-abe6-46b2-8d3b-d390139469e3"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"33liwbcf.parspoker.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860820/; classtype:trojan-activity;sid:84723920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.70.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860819/; classtype:trojan-activity;sid:84723919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860818)"; flow:established,from_client; content:"GET"; http_method; content:"/proxy"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"209.141.62.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860818/; classtype:trojan-activity;sid:84723918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.100.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860817/; classtype:trojan-activity;sid:84723917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860816)"; flow:established,from_client; content:"GET"; http_method; content:"/cf"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.188.21.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860816/; classtype:trojan-activity;sid:84723916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860815)"; flow:established,from_client; content:"GET"; http_method; content:"/bbf06b97-a82a-47d2-99ce-c9e390bef3d1"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ghbfozy.olabahiskayit.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860815/; classtype:trojan-activity;sid:84723915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.88.7.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860814/; classtype:trojan-activity;sid:84723914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860813)"; flow:established,from_client; content:"GET"; http_method; content:"/1e9661d8-53fc-4542-9d47-fa5da1997ed9"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"iidqou.jamjahani.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860813/; classtype:trojan-activity;sid:84723913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.146.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860812/; classtype:trojan-activity;sid:84723912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860811)"; flow:established,from_client; content:"GET"; http_method; content:"/e3edb6d1-8918-4854-b125-45a60cccdc91"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dphxsy.perfectgame.casino"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860811/; classtype:trojan-activity;sid:84723911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860810)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860810/; classtype:trojan-activity;sid:84723910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.53.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860809/; classtype:trojan-activity;sid:84723909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.45.77.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860808/; classtype:trojan-activity;sid:84723908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"147.45.77.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860807/; classtype:trojan-activity;sid:84723907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.145.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860806/; classtype:trojan-activity;sid:84723906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860798)"; flow:established,from_client; content:"GET"; http_method; content:"/1f0305"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860798/; classtype:trojan-activity;sid:84723898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860799)"; flow:established,from_client; content:"GET"; http_method; content:"/898cf5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860799/; classtype:trojan-activity;sid:84723899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860800)"; flow:established,from_client; content:"GET"; http_method; content:"/618b35"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860800/; classtype:trojan-activity;sid:84723900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860801)"; flow:established,from_client; content:"GET"; http_method; content:"/28390a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860801/; classtype:trojan-activity;sid:84723901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860802)"; flow:established,from_client; content:"GET"; http_method; content:"/53eb0e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860802/; classtype:trojan-activity;sid:84723902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860803)"; flow:established,from_client; content:"GET"; http_method; content:"/00f7b6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860803/; classtype:trojan-activity;sid:84723903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860804)"; flow:established,from_client; content:"GET"; http_method; content:"/869d0a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860804/; classtype:trojan-activity;sid:84723904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860805)"; flow:established,from_client; content:"GET"; http_method; content:"/eda147"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860805/; classtype:trojan-activity;sid:84723905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860781)"; flow:established,from_client; content:"GET"; http_method; content:"/app/deeplsetupwin.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"appdownload.download"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860781/; classtype:trojan-activity;sid:84723881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860782)"; flow:established,from_client; content:"GET"; http_method; content:"/02b670"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860782/; classtype:trojan-activity;sid:84723882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860783)"; flow:established,from_client; content:"GET"; http_method; content:"/a08bc6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860783/; classtype:trojan-activity;sid:84723883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860784)"; flow:established,from_client; content:"GET"; http_method; content:"/601918"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860784/; classtype:trojan-activity;sid:84723884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860785)"; flow:established,from_client; content:"GET"; http_method; content:"/81b87c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860785/; classtype:trojan-activity;sid:84723885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860786)"; flow:established,from_client; content:"GET"; http_method; content:"/a25026"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860786/; classtype:trojan-activity;sid:84723886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860787)"; flow:established,from_client; content:"GET"; http_method; content:"/764b0f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860787/; classtype:trojan-activity;sid:84723887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860788)"; flow:established,from_client; content:"GET"; http_method; content:"/680621"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860788/; classtype:trojan-activity;sid:84723888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860789)"; flow:established,from_client; content:"GET"; http_method; content:"/407db8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860789/; classtype:trojan-activity;sid:84723889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860790)"; flow:established,from_client; content:"GET"; http_method; content:"/63e71d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860790/; classtype:trojan-activity;sid:84723890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860791)"; flow:established,from_client; content:"GET"; http_method; content:"/de9497"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860791/; classtype:trojan-activity;sid:84723891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860792)"; flow:established,from_client; content:"GET"; http_method; content:"/796131"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860792/; classtype:trojan-activity;sid:84723892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860793)"; flow:established,from_client; content:"GET"; http_method; content:"/b3dd0f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860793/; classtype:trojan-activity;sid:84723893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860794)"; flow:established,from_client; content:"GET"; http_method; content:"/294f93"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860794/; classtype:trojan-activity;sid:84723894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860795)"; flow:established,from_client; content:"GET"; http_method; content:"/3718ad"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860795/; classtype:trojan-activity;sid:84723895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860796)"; flow:established,from_client; content:"GET"; http_method; content:"/35c4a2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860796/; classtype:trojan-activity;sid:84723896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860797)"; flow:established,from_client; content:"GET"; http_method; content:"/726775"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860797/; classtype:trojan-activity;sid:84723897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860780)"; flow:established,from_client; content:"GET"; http_method; content:"/e6261e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860780/; classtype:trojan-activity;sid:84723880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860779)"; flow:established,from_client; content:"GET"; http_method; content:"/b1e0ed"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860779/; classtype:trojan-activity;sid:84723879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860776)"; flow:established,from_client; content:"GET"; http_method; content:"/d037d3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860776/; classtype:trojan-activity;sid:84723876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860777)"; flow:established,from_client; content:"GET"; http_method; content:"/62d462"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860777/; classtype:trojan-activity;sid:84723877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860778)"; flow:established,from_client; content:"GET"; http_method; content:"/5c7dfe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860778/; classtype:trojan-activity;sid:84723878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860775)"; flow:established,from_client; content:"GET"; http_method; content:"/6fb4fd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860775/; classtype:trojan-activity;sid:84723875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860755)"; flow:established,from_client; content:"GET"; http_method; content:"/f1ec24"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860755/; classtype:trojan-activity;sid:84723855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860756)"; flow:established,from_client; content:"GET"; http_method; content:"/568952"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860756/; classtype:trojan-activity;sid:84723856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860757)"; flow:established,from_client; content:"GET"; http_method; content:"/8319c8"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860757/; classtype:trojan-activity;sid:84723857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860758)"; flow:established,from_client; content:"GET"; http_method; content:"/531476"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860758/; classtype:trojan-activity;sid:84723858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860759)"; flow:established,from_client; content:"GET"; http_method; content:"/651f02"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860759/; classtype:trojan-activity;sid:84723859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860760)"; flow:established,from_client; content:"GET"; http_method; content:"/89d453"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860760/; classtype:trojan-activity;sid:84723860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860761)"; flow:established,from_client; content:"GET"; http_method; content:"/9cf6c3"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860761/; classtype:trojan-activity;sid:84723861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860762)"; flow:established,from_client; content:"GET"; http_method; content:"/ca5ddc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860762/; classtype:trojan-activity;sid:84723862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860763)"; flow:established,from_client; content:"GET"; http_method; content:"/5dd19c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860763/; classtype:trojan-activity;sid:84723863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860764)"; flow:established,from_client; content:"GET"; http_method; content:"/b83f2e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860764/; classtype:trojan-activity;sid:84723864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860765)"; flow:established,from_client; content:"GET"; http_method; content:"/cb8729"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860765/; classtype:trojan-activity;sid:84723865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860766)"; flow:established,from_client; content:"GET"; http_method; content:"/5d7e1e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860766/; classtype:trojan-activity;sid:84723866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860767)"; flow:established,from_client; content:"GET"; http_method; content:"/87b3cd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860767/; classtype:trojan-activity;sid:84723867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860768)"; flow:established,from_client; content:"GET"; http_method; content:"/f9173a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860768/; classtype:trojan-activity;sid:84723868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860769)"; flow:established,from_client; content:"GET"; http_method; content:"/e840fc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860769/; classtype:trojan-activity;sid:84723869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860770)"; flow:established,from_client; content:"GET"; http_method; content:"/c93d53"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860770/; classtype:trojan-activity;sid:84723870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860771)"; flow:established,from_client; content:"GET"; http_method; content:"/a2c890"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860771/; classtype:trojan-activity;sid:84723871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860772)"; flow:established,from_client; content:"GET"; http_method; content:"/8c8e9f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860772/; classtype:trojan-activity;sid:84723872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860773)"; flow:established,from_client; content:"GET"; http_method; content:"/a9709c"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860773/; classtype:trojan-activity;sid:84723873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860774)"; flow:established,from_client; content:"GET"; http_method; content:"/6e21c6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860774/; classtype:trojan-activity;sid:84723874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860736)"; flow:established,from_client; content:"GET"; http_method; content:"/697157"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860736/; classtype:trojan-activity;sid:84723836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860737)"; flow:established,from_client; content:"GET"; http_method; content:"/c23f88"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860737/; classtype:trojan-activity;sid:84723837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860738)"; flow:established,from_client; content:"GET"; http_method; content:"/a2c867"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860738/; classtype:trojan-activity;sid:84723838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860739)"; flow:established,from_client; content:"GET"; http_method; content:"/d5cc63"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860739/; classtype:trojan-activity;sid:84723839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860740)"; flow:established,from_client; content:"GET"; http_method; content:"/98be53"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860740/; classtype:trojan-activity;sid:84723840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860741)"; flow:established,from_client; content:"GET"; http_method; content:"/b0d000"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860741/; classtype:trojan-activity;sid:84723841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860742)"; flow:established,from_client; content:"GET"; http_method; content:"/bf4143"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860742/; classtype:trojan-activity;sid:84723842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860743)"; flow:established,from_client; content:"GET"; http_method; content:"/d43f26"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860743/; classtype:trojan-activity;sid:84723843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860744)"; flow:established,from_client; content:"GET"; http_method; content:"/fa4204"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860744/; classtype:trojan-activity;sid:84723844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860745)"; flow:established,from_client; content:"GET"; http_method; content:"/f1687f"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860745/; classtype:trojan-activity;sid:84723845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860746)"; flow:established,from_client; content:"GET"; http_method; content:"/c7ec56"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860746/; classtype:trojan-activity;sid:84723846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860747)"; flow:established,from_client; content:"GET"; http_method; content:"/9c84c4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860747/; classtype:trojan-activity;sid:84723847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860748)"; flow:established,from_client; content:"GET"; http_method; content:"/fa4cc9"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860748/; classtype:trojan-activity;sid:84723848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860749)"; flow:established,from_client; content:"GET"; http_method; content:"/fe44f2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860749/; classtype:trojan-activity;sid:84723849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860750)"; flow:established,from_client; content:"GET"; http_method; content:"/c05772"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860750/; classtype:trojan-activity;sid:84723850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860751)"; flow:established,from_client; content:"GET"; http_method; content:"/88c338"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860751/; classtype:trojan-activity;sid:84723851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860752)"; flow:established,from_client; content:"GET"; http_method; content:"/bb6da5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860752/; classtype:trojan-activity;sid:84723852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860753)"; flow:established,from_client; content:"GET"; http_method; content:"/f690cd"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860753/; classtype:trojan-activity;sid:84723853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860754)"; flow:established,from_client; content:"GET"; http_method; content:"/c82c7e"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860754/; classtype:trojan-activity;sid:84723854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860735)"; flow:established,from_client; content:"GET"; http_method; content:"/9qp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860735/; classtype:trojan-activity;sid:84723835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860701)"; flow:established,from_client; content:"GET"; http_method; content:"/nuab"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860701/; classtype:trojan-activity;sid:84723801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860702)"; flow:established,from_client; content:"GET"; http_method; content:"/wz8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860702/; classtype:trojan-activity;sid:84723802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860703)"; flow:established,from_client; content:"GET"; http_method; content:"/vb5"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860703/; classtype:trojan-activity;sid:84723803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860704)"; flow:established,from_client; content:"GET"; http_method; content:"/sb8"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860704/; classtype:trojan-activity;sid:84723804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860705)"; flow:established,from_client; content:"GET"; http_method; content:"/8ayu"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860705/; classtype:trojan-activity;sid:84723805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860706)"; flow:established,from_client; content:"GET"; http_method; content:"/ggb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860706/; classtype:trojan-activity;sid:84723806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860707)"; flow:established,from_client; content:"GET"; http_method; content:"/pkm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860707/; classtype:trojan-activity;sid:84723807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860708)"; flow:established,from_client; content:"GET"; http_method; content:"/ba5o"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860708/; classtype:trojan-activity;sid:84723808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860709)"; flow:established,from_client; content:"GET"; http_method; content:"/yly"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860709/; classtype:trojan-activity;sid:84723809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860710)"; flow:established,from_client; content:"GET"; http_method; content:"/vxhk"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860710/; classtype:trojan-activity;sid:84723810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860711)"; flow:established,from_client; content:"GET"; http_method; content:"/lri"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860711/; classtype:trojan-activity;sid:84723811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860712)"; flow:established,from_client; content:"GET"; http_method; content:"/y1e"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860712/; classtype:trojan-activity;sid:84723812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860713)"; flow:established,from_client; content:"GET"; http_method; content:"/kpr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860713/; classtype:trojan-activity;sid:84723813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860714)"; flow:established,from_client; content:"GET"; http_method; content:"/to4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860714/; classtype:trojan-activity;sid:84723814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860715)"; flow:established,from_client; content:"GET"; http_method; content:"/ucr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860715/; classtype:trojan-activity;sid:84723815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860716)"; flow:established,from_client; content:"GET"; http_method; content:"/s5x"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860716/; classtype:trojan-activity;sid:84723816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860717)"; flow:established,from_client; content:"GET"; http_method; content:"/4yrx"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860717/; classtype:trojan-activity;sid:84723817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860718)"; flow:established,from_client; content:"GET"; http_method; content:"/jj0"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860718/; classtype:trojan-activity;sid:84723818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860719)"; flow:established,from_client; content:"GET"; http_method; content:"/xegf"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.132.232.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860719/; classtype:trojan-activity;sid:84723819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860720)"; flow:established,from_client; content:"GET"; http_method; content:"/176102"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860720/; classtype:trojan-activity;sid:84723820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860721)"; flow:established,from_client; content:"GET"; http_method; content:"/28c961"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860721/; classtype:trojan-activity;sid:84723821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860722)"; flow:established,from_client; content:"GET"; http_method; content:"/078541"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860722/; classtype:trojan-activity;sid:84723822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860723)"; flow:established,from_client; content:"GET"; http_method; content:"/2ee017"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860723/; classtype:trojan-activity;sid:84723823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860724)"; flow:established,from_client; content:"GET"; http_method; content:"/0e6dbe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860724/; classtype:trojan-activity;sid:84723824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860725)"; flow:established,from_client; content:"GET"; http_method; content:"/3aad49"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860725/; classtype:trojan-activity;sid:84723825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860726)"; flow:established,from_client; content:"GET"; http_method; content:"/1a076b"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860726/; classtype:trojan-activity;sid:84723826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860727)"; flow:established,from_client; content:"GET"; http_method; content:"/0e1276"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860727/; classtype:trojan-activity;sid:84723827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860728)"; flow:established,from_client; content:"GET"; http_method; content:"/3fbf44"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860728/; classtype:trojan-activity;sid:84723828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860729)"; flow:established,from_client; content:"GET"; http_method; content:"/1514d2"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860729/; classtype:trojan-activity;sid:84723829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860730)"; flow:established,from_client; content:"GET"; http_method; content:"/42f6ef"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860730/; classtype:trojan-activity;sid:84723830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860731)"; flow:established,from_client; content:"GET"; http_method; content:"/35862d"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860731/; classtype:trojan-activity;sid:84723831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860732)"; flow:established,from_client; content:"GET"; http_method; content:"/4c4cf6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860732/; classtype:trojan-activity;sid:84723832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860733)"; flow:established,from_client; content:"GET"; http_method; content:"/4352ef"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860733/; classtype:trojan-activity;sid:84723833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860734)"; flow:established,from_client; content:"GET"; http_method; content:"/033d52"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.205.1.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860734/; classtype:trojan-activity;sid:84723834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860700)"; flow:established,from_client; content:"GET"; http_method; content:"/24de4591-2b53-4841-b6e7-8fec4710cf7a"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bdfzsbr.kvbel.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860700/; classtype:trojan-activity;sid:84723800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860699/; classtype:trojan-activity;sid:84723799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.53.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860698/; classtype:trojan-activity;sid:84723798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.145.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860697/; classtype:trojan-activity;sid:84723797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860696)"; flow:established,from_client; content:"GET"; http_method; content:"/b4db77db-37fc-4cf2-99de-d22b2a32e148"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"uadcmxt.kbshavanese.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860696/; classtype:trojan-activity;sid:84723796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.142.93.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860695/; classtype:trojan-activity;sid:84723795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.118.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860694/; classtype:trojan-activity;sid:84723794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.118.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860693/; classtype:trojan-activity;sid:84723793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.25.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860691/; classtype:trojan-activity;sid:84723791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.233.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860692/; classtype:trojan-activity;sid:84723792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860690)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=bbf4adc7-1615-47ec-b891-a198d6a62862"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1nmuyb5y.parspoker90.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860690/; classtype:trojan-activity;sid:84723790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.194.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860689/; classtype:trojan-activity;sid:84723789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.194.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860688/; classtype:trojan-activity;sid:84723788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.226.168.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860687/; classtype:trojan-activity;sid:84723787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.124.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860686/; classtype:trojan-activity;sid:84723786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.116.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860685/; classtype:trojan-activity;sid:84723785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.197.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860684/; classtype:trojan-activity;sid:84723784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860683)"; flow:established,from_client; content:"GET"; http_method; content:"/1d6a943a-fe67-4697-a0e5-b08d509a30d6"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dihsov.jamjahani.cash"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860683/; classtype:trojan-activity;sid:84723783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860682)"; flow:established,from_client; content:"GET"; http_method; content:"/9ad11293-5c27-4d14-8484-c74cd494e534"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"etpvftw.one1x.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860682/; classtype:trojan-activity;sid:84723782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.112.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860681/; classtype:trojan-activity;sid:84723781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.12.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860680/; classtype:trojan-activity;sid:84723780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860679)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=08d8f571-9ccb-4a64-8224-bb7edc167210"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"1hrrc4q6.onexboro.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860679/; classtype:trojan-activity;sid:84723779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860678/; classtype:trojan-activity;sid:84723778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.226.168.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860677/; classtype:trojan-activity;sid:84723777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860676)"; flow:established,from_client; content:"GET"; http_method; content:"/4e6927e6-cd4e-4a23-94be-a39327dbd18d"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"eterjrb.one1x.bet"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860676/; classtype:trojan-activity;sid:84723776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.74.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860675/; classtype:trojan-activity;sid:84723775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860674/; classtype:trojan-activity;sid:84723774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.112.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860673/; classtype:trojan-activity;sid:84723773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.87.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860672/; classtype:trojan-activity;sid:84723772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.0.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860671/; classtype:trojan-activity;sid:84723771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860670)"; flow:established,from_client; content:"GET"; http_method; content:"/78d944f3-9bcc-48f2-b915-9d919fa39a54"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"omxvqrt.penalty.casino"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860670/; classtype:trojan-activity;sid:84723770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.42.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860669/; classtype:trojan-activity;sid:84723769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860668)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.11.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860668/; classtype:trojan-activity;sid:84723768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.37.87.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860667/; classtype:trojan-activity;sid:84723767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.121.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860666/; classtype:trojan-activity;sid:84723766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.39.249.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860665/; classtype:trojan-activity;sid:84723765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860664/; classtype:trojan-activity;sid:84723764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.106.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860663/; classtype:trojan-activity;sid:84723763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860662)"; flow:established,from_client; content:"GET"; http_method; content:"/ec7a0d9b-1d16-4c64-8ada-d78bc270708b"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"atuxkke.penalti.website"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860662/; classtype:trojan-activity;sid:84723762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.121.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860661/; classtype:trojan-activity;sid:84723761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860660)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|ublib=034c46cf-7fc1-4dca-897f-a6ad0a20162c"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bl7gsqjt.parsgoal90.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860660/; classtype:trojan-activity;sid:84723760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860659)"; flow:established,from_client; content:"GET"; http_method; content:"/30fd1a3b-189c-4d5d-8a5c-cce64ecfaa9f"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"egbofo.jamjahani.cash"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860659/; classtype:trojan-activity;sid:84723759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.36.23.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860658/; classtype:trojan-activity;sid:84723758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.67.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860657/; classtype:trojan-activity;sid:84723757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.52.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860656/; classtype:trojan-activity;sid:84723756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.39.249.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860655/; classtype:trojan-activity;sid:84723755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860645)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860645/; classtype:trojan-activity;sid:84723745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860646)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860646/; classtype:trojan-activity;sid:84723746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860647)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860647/; classtype:trojan-activity;sid:84723747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860648)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860648/; classtype:trojan-activity;sid:84723748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860649)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860649/; classtype:trojan-activity;sid:84723749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860650)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860650/; classtype:trojan-activity;sid:84723750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860651)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860651/; classtype:trojan-activity;sid:84723751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860652)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860652/; classtype:trojan-activity;sid:84723752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860653)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860653/; classtype:trojan-activity;sid:84723753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860654)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860654/; classtype:trojan-activity;sid:84723754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860644)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"38.79.154.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860644/; classtype:trojan-activity;sid:84723744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860643)"; flow:established,from_client; content:"GET"; http_method; content:"/6ef0281b-e1b9-4b35-bafa-32f9eb8dde33"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"pdbrpnf.penaltibazi.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860643/; classtype:trojan-activity;sid:84723743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.37.31.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_08; reference:url, urlhaus.abuse.ch/url/3860642/; classtype:trojan-activity;sid:84723742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.202.142.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860624/; classtype:trojan-activity;sid:84723724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860529)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860529/; classtype:trojan-activity;sid:84723629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.157.252.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860518/; classtype:trojan-activity;sid:84723618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860450)"; flow:established,from_client; content:"GET"; http_method; content:"/titanuimxross01.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860450/; classtype:trojan-activity;sid:84723550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860425)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860425/; classtype:trojan-activity;sid:84723525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860414)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860414/; classtype:trojan-activity;sid:84723514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860411)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860411/; classtype:trojan-activity;sid:84723511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860412)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.arc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860412/; classtype:trojan-activity;sid:84723512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860413)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860413/; classtype:trojan-activity;sid:84723513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860408)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860408/; classtype:trojan-activity;sid:84723508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860404)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860404/; classtype:trojan-activity;sid:84723504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860405)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860405/; classtype:trojan-activity;sid:84723505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860406)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860406/; classtype:trojan-activity;sid:84723506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860407)"; flow:established,from_client; content:"GET"; http_method; content:"/cry.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860407/; classtype:trojan-activity;sid:84723507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860192/; classtype:trojan-activity;sid:84723292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860189)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.60.195.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860189/; classtype:trojan-activity;sid:84723289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860091)"; flow:established,from_client; content:"GET"; http_method; content:"/aes.js"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"inini.kesug.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860091/; classtype:trojan-activity;sid:84723191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3860075)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"vitacocoyougoloco.potassium.st"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3860075/; classtype:trojan-activity;sid:84723175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.131.243.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_07; reference:url, urlhaus.abuse.ch/url/3859966/; classtype:trojan-activity;sid:84723066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859817)"; flow:established,from_client; content:"GET"; http_method; content:"/20.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859817/; classtype:trojan-activity;sid:84722917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859818)"; flow:established,from_client; content:"GET"; http_method; content:"/s287.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"62.60.226.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859818/; classtype:trojan-activity;sid:84722918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859816)"; flow:established,from_client; content:"GET"; http_method; content:"/16.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859816/; classtype:trojan-activity;sid:84722916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859809)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.ppc440"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859809/; classtype:trojan-activity;sid:84722909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859799)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vitacocoyougoloco.potassium.st"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859799/; classtype:trojan-activity;sid:84722899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859796)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vitacocoyougoloco.potassium.st"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859796/; classtype:trojan-activity;sid:84722896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859797)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vitacocoyougoloco.potassium.st"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859797/; classtype:trojan-activity;sid:84722897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859795)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vitacocoyougoloco.potassium.st"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859795/; classtype:trojan-activity;sid:84722895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859794)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vitacocoyougoloco.potassium.st"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859794/; classtype:trojan-activity;sid:84722894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859793)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vitacocoyougoloco.potassium.st"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859793/; classtype:trojan-activity;sid:84722893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859773)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859773/; classtype:trojan-activity;sid:84722873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/o.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859774/; classtype:trojan-activity;sid:84722874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859775/; classtype:trojan-activity;sid:84722875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859776)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859776/; classtype:trojan-activity;sid:84722876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859777)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859777/; classtype:trojan-activity;sid:84722877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859778/; classtype:trojan-activity;sid:84722878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859779/; classtype:trojan-activity;sid:84722879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859781)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859781/; classtype:trojan-activity;sid:84722881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859782)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859782/; classtype:trojan-activity;sid:84722882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.202.246.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859783/; classtype:trojan-activity;sid:84722883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859771)"; flow:established,from_client; content:"GET"; http_method; content:"/v49922.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"62.60.226.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859771/; classtype:trojan-activity;sid:84722871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859706)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859706/; classtype:trojan-activity;sid:84722806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859707)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859707/; classtype:trojan-activity;sid:84722807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859708)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859708/; classtype:trojan-activity;sid:84722808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859701)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859701/; classtype:trojan-activity;sid:84722801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859702)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859702/; classtype:trojan-activity;sid:84722802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859685)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859685/; classtype:trojan-activity;sid:84722785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859688)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859688/; classtype:trojan-activity;sid:84722788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859689)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859689/; classtype:trojan-activity;sid:84722789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859691)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859691/; classtype:trojan-activity;sid:84722791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859699)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859699/; classtype:trojan-activity;sid:84722799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859700)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"no7shmh.shop"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859700/; classtype:trojan-activity;sid:84722800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859636)"; flow:established,from_client; content:"GET"; http_method; content:"/arm64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859636/; classtype:trojan-activity;sid:84722736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859637)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859637/; classtype:trojan-activity;sid:84722737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859634)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64le"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859634/; classtype:trojan-activity;sid:84722734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859632)"; flow:established,from_client; content:"GET"; http_method; content:"/s390x"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859632/; classtype:trojan-activity;sid:84722732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859631)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859631/; classtype:trojan-activity;sid:84722731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859630/; classtype:trojan-activity;sid:84722730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859571)"; flow:established,from_client; content:"GET"; http_method; content:"/ciabins.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.183.232.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859571/; classtype:trojan-activity;sid:84722671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859553)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859553/; classtype:trojan-activity;sid:84722653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859549)"; flow:established,from_client; content:"GET"; http_method; content:"/zb.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.56.209.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_06; reference:url, urlhaus.abuse.ch/url/3859549/; classtype:trojan-activity;sid:84722649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859433)"; flow:established,from_client; content:"GET"; http_method; content:"/tkr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"62.60.226.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859433/; classtype:trojan-activity;sid:84722533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.57.51.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859425/; classtype:trojan-activity;sid:84722525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.68.249.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859418/; classtype:trojan-activity;sid:84722518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.202.142.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859377/; classtype:trojan-activity;sid:84722477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859296)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.56.209.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859296/; classtype:trojan-activity;sid:84722396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859292)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.56.209.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859292/; classtype:trojan-activity;sid:84722392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859245)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859245/; classtype:trojan-activity;sid:84722345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859231)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859231/; classtype:trojan-activity;sid:84722331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859233)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859233/; classtype:trojan-activity;sid:84722333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859235)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859235/; classtype:trojan-activity;sid:84722335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859236)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859236/; classtype:trojan-activity;sid:84722336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859238)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859238/; classtype:trojan-activity;sid:84722338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859241)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"smart.abuse.st"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859241/; classtype:trojan-activity;sid:84722341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859229)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859229/; classtype:trojan-activity;sid:84722329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859230)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859230/; classtype:trojan-activity;sid:84722330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859139)"; flow:established,from_client; content:"GET"; http_method; content:"/stego_payloa.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ritubohara.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859139/; classtype:trojan-activity;sid:84722239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859133)"; flow:established,from_client; content:"GET"; http_method; content:"/msbuil.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"pub-33172110f57a4bbfa0c089261c8b7d4d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859133/; classtype:trojan-activity;sid:84722233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859129)"; flow:established,from_client; content:"GET"; http_method; content:"/yuyu/yunewbuy.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.tradedsglobal.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859129/; classtype:trojan-activity;sid:84722229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859128)"; flow:established,from_client; content:"GET"; http_method; content:"/yuyu/rumpyu.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.tradedsglobal.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859128/; classtype:trojan-activity;sid:84722228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859113)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"smart.abuse.st"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859113/; classtype:trojan-activity;sid:84722213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859111)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"smart.abuse.st"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859111/; classtype:trojan-activity;sid:84722211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859112)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"smart.abuse.st"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859112/; classtype:trojan-activity;sid:84722212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859042)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"smart.abuse.st"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859042/; classtype:trojan-activity;sid:84722142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3859006)"; flow:established,from_client; content:"GET"; http_method; content:"/data_aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3859006/; classtype:trojan-activity;sid:84722106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858999)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858999/; classtype:trojan-activity;sid:84722099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858969)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858969/; classtype:trojan-activity;sid:84722069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858970)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mips-uclibc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858970/; classtype:trojan-activity;sid:84722070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858959)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858959/; classtype:trojan-activity;sid:84722059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858960)"; flow:established,from_client; content:"GET"; http_method; content:"/data_arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858960/; classtype:trojan-activity;sid:84722060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858961)"; flow:established,from_client; content:"GET"; http_method; content:"/data_powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858961/; classtype:trojan-activity;sid:84722061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858963)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858963/; classtype:trojan-activity;sid:84722063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858964)"; flow:established,from_client; content:"GET"; http_method; content:"/data_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858964/; classtype:trojan-activity;sid:84722064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858965)"; flow:established,from_client; content:"GET"; http_method; content:"/data_mipsel-uclibc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858965/; classtype:trojan-activity;sid:84722065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858951)"; flow:established,from_client; content:"GET"; http_method; content:"/data_x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_05; reference:url, urlhaus.abuse.ch/url/3858951/; classtype:trojan-activity;sid:84722051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858824)"; flow:established,from_client; content:"GET"; http_method; content:"/n.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858824/; classtype:trojan-activity;sid:84721924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858825)"; flow:established,from_client; content:"GET"; http_method; content:"/x.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858825/; classtype:trojan-activity;sid:84721925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858771)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858771/; classtype:trojan-activity;sid:84721871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858772)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858772/; classtype:trojan-activity;sid:84721872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858774)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.83.134.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858774/; classtype:trojan-activity;sid:84721874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858710)"; flow:established,from_client; content:"GET"; http_method; content:"/uni.png"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pub-33172110f57a4bbfa0c089261c8b7d4d.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858710/; classtype:trojan-activity;sid:84721810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858694)"; flow:established,from_client; content:"GET"; http_method; content:"/img/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"onceuponatimethebabyangelcamebacktotheearthtogoformebestwishesg.ydns.eu"; http_host; depth:71; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858694/; classtype:trojan-activity;sid:84721794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858690)"; flow:established,from_client; content:"GET"; http_method; content:"/.well-known/acme-challenge/img_20260531_214059_714.png"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"kits.frog.tw"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858690/; classtype:trojan-activity;sid:84721790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858634)"; flow:established,from_client; content:"GET"; http_method; content:"/tr"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858634/; classtype:trojan-activity;sid:84721734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858615)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i686"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858615/; classtype:trojan-activity;sid:84721715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858616)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858616/; classtype:trojan-activity;sid:84721716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858617)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858617/; classtype:trojan-activity;sid:84721717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858619)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mipsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858619/; classtype:trojan-activity;sid:84721719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858621)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858621/; classtype:trojan-activity;sid:84721721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858622)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858622/; classtype:trojan-activity;sid:84721722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858623)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_32"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858623/; classtype:trojan-activity;sid:84721723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858624)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.i486"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858624/; classtype:trojan-activity;sid:84721724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858625)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858625/; classtype:trojan-activity;sid:84721725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858628)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.ppc440"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858628/; classtype:trojan-activity;sid:84721728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858629)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858629/; classtype:trojan-activity;sid:84721729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858630)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858630/; classtype:trojan-activity;sid:84721730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858608)"; flow:established,from_client; content:"GET"; http_method; content:"/hmips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858608/; classtype:trojan-activity;sid:84721708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858607)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858607/; classtype:trojan-activity;sid:84721707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858598)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858598/; classtype:trojan-activity;sid:84721698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858595)"; flow:established,from_client; content:"GET"; http_method; content:"/sexy.apk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858595/; classtype:trojan-activity;sid:84721695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858591)"; flow:established,from_client; content:"GET"; http_method; content:"/debug"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858591/; classtype:trojan-activity;sid:84721691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858582)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858582/; classtype:trojan-activity;sid:84721682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858583)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858583/; classtype:trojan-activity;sid:84721683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858584)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/titanjr.x86_64"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858584/; classtype:trojan-activity;sid:84721684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858587)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858587/; classtype:trojan-activity;sid:84721687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858588)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858588/; classtype:trojan-activity;sid:84721688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh2xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858577/; classtype:trojan-activity;sid:84721677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858565)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858565/; classtype:trojan-activity;sid:84721665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858566)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858566/; classtype:trojan-activity;sid:84721666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858568)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858568/; classtype:trojan-activity;sid:84721668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858574)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858574/; classtype:trojan-activity;sid:84721674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv32xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858553/; classtype:trojan-activity;sid:84721653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858554/; classtype:trojan-activity;sid:84721654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858555/; classtype:trojan-activity;sid:84721655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858561)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnloongarch64xnxn"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858561/; classtype:trojan-activity;sid:84721661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858562)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858562/; classtype:trojan-activity;sid:84721662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858541)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858541/; classtype:trojan-activity;sid:84721641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858543/; classtype:trojan-activity;sid:84721643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858544)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmicroblazexnxn"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858544/; classtype:trojan-activity;sid:84721644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858539)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858539/; classtype:trojan-activity;sid:84721639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858540)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858540/; classtype:trojan-activity;sid:84721640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858530)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858530/; classtype:trojan-activity;sid:84721630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858531)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858531/; classtype:trojan-activity;sid:84721631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858533)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnor1kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858533/; classtype:trojan-activity;sid:84721633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858534)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858534/; classtype:trojan-activity;sid:84721634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858537)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.183.182.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858537/; classtype:trojan-activity;sid:84721637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858509)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858509/; classtype:trojan-activity;sid:84721609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858510)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858510/; classtype:trojan-activity;sid:84721610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858512)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.89.162.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858512/; classtype:trojan-activity;sid:84721612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858516)"; flow:established,from_client; content:"GET"; http_method; content:"/all.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.238.39.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858516/; classtype:trojan-activity;sid:84721616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858508)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858508/; classtype:trojan-activity;sid:84721608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858501)"; flow:established,from_client; content:"GET"; http_method; content:"/spx/spx.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"baolongwes.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858501/; classtype:trojan-activity;sid:84721601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858500)"; flow:established,from_client; content:"GET"; http_method; content:"/spx/ficeo.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"baolongwes.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858500/; classtype:trojan-activity;sid:84721600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858495)"; flow:established,from_client; content:"GET"; http_method; content:"/images/587.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"delte-mobrey.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858495/; classtype:trojan-activity;sid:84721595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.241.53.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858430/; classtype:trojan-activity;sid:84721530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858420)"; flow:established,from_client; content:"GET"; http_method; content:"/imgo/optimized_msi.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tmcksa.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858420/; classtype:trojan-activity;sid:84721520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858408)"; flow:established,from_client; content:"GET"; http_method; content:"/eaglestitan001.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858408/; classtype:trojan-activity;sid:84721508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858359)"; flow:established,from_client; content:"GET"; http_method; content:"/e.mips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.198.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858359/; classtype:trojan-activity;sid:84721459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858313)"; flow:established,from_client; content:"GET"; http_method; content:"/n"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.198.224.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_04; reference:url, urlhaus.abuse.ch/url/3858313/; classtype:trojan-activity;sid:84721413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858126)"; flow:established,from_client; content:"GET"; http_method; content:"/re.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858126/; classtype:trojan-activity;sid:84721226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.39.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858115/; classtype:trojan-activity;sid:84721215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858098)"; flow:established,from_client; content:"GET"; http_method; content:"/sodola"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858098/; classtype:trojan-activity;sid:84721198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858066)"; flow:established,from_client; content:"GET"; http_method; content:"/eagleclient004.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858066/; classtype:trojan-activity;sid:84721166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858067)"; flow:established,from_client; content:"GET"; http_method; content:"/1992.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858067/; classtype:trojan-activity;sid:84721167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858064)"; flow:established,from_client; content:"GET"; http_method; content:"/eaglewingsdna04.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858064/; classtype:trojan-activity;sid:84721164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858047)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.56.209.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858047/; classtype:trojan-activity;sid:84721147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3858023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.189.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3858023/; classtype:trojan-activity;sid:84721123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857954)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hppbdssh6fedu5tclfys1760jq9d0fvc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857954/; classtype:trojan-activity;sid:84721054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857952)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qj81ivfcftpeqs-4wffvozykixvnnh-7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857952/; classtype:trojan-activity;sid:84721052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857953)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xflzjnjflykhgl_clp_nejp3g1txmb3g"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857953/; classtype:trojan-activity;sid:84721053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857928)"; flow:established,from_client; content:"GET"; http_method; content:"/newrem.png"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"archivoscrosoft.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857928/; classtype:trojan-activity;sid:84721028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.233.104.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857886/; classtype:trojan-activity;sid:84720986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857882)"; flow:established,from_client; content:"GET"; http_method; content:"/dlink"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_03; reference:url, urlhaus.abuse.ch/url/3857882/; classtype:trojan-activity;sid:84720982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857845)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857845/; classtype:trojan-activity;sid:84720945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.250.202.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857431/; classtype:trojan-activity;sid:84720531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.124.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857332/; classtype:trojan-activity;sid:84720432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"103.168.66.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857307/; classtype:trojan-activity;sid:84720407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857259)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857259/; classtype:trojan-activity;sid:84720359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857267)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.182.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_02; reference:url, urlhaus.abuse.ch/url/3857267/; classtype:trojan-activity;sid:84720367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857198)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857198/; classtype:trojan-activity;sid:84720298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857196)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857196/; classtype:trojan-activity;sid:84720296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857197)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857197/; classtype:trojan-activity;sid:84720297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857193)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857193/; classtype:trojan-activity;sid:84720293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857194)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857194/; classtype:trojan-activity;sid:84720294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857189)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.mipsrouter"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857189/; classtype:trojan-activity;sid:84720289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857190)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857190/; classtype:trojan-activity;sid:84720290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857191)"; flow:established,from_client; content:"GET"; http_method; content:"/zero.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.56.209.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857191/; classtype:trojan-activity;sid:84720291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.167.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857166/; classtype:trojan-activity;sid:84720266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3857008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.124.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3857008/; classtype:trojan-activity;sid:84720108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856984)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.231.14.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856984/; classtype:trojan-activity;sid:84720084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856985)"; flow:established,from_client; content:"GET"; http_method; content:"/11.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.231.14.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856985/; classtype:trojan-activity;sid:84720085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856983)"; flow:established,from_client; content:"GET"; http_method; content:"/win.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.231.14.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856983/; classtype:trojan-activity;sid:84720083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856691)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.56.209.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856691/; classtype:trojan-activity;sid:84719791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856692)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"31.56.209.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_06_01; reference:url, urlhaus.abuse.ch/url/3856692/; classtype:trojan-activity;sid:84719792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856352)"; flow:established,from_client; content:"GET"; http_method; content:"/blue.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856352/; classtype:trojan-activity;sid:84719452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856351)"; flow:established,from_client; content:"GET"; http_method; content:"/blue.x64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.198.224.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856351/; classtype:trojan-activity;sid:84719451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856350)"; flow:established,from_client; content:"GET"; http_method; content:"/blue.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856350/; classtype:trojan-activity;sid:84719450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856349)"; flow:established,from_client; content:"GET"; http_method; content:"/blue.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.198.224.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856349/; classtype:trojan-activity;sid:84719449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856348)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.198.224.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856348/; classtype:trojan-activity;sid:84719448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856345)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"102.220.160.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856345/; classtype:trojan-activity;sid:84719445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856344)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.17.183.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856344/; classtype:trojan-activity;sid:84719444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856329)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856329/; classtype:trojan-activity;sid:84719429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856330)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856330/; classtype:trojan-activity;sid:84719430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856332)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856332/; classtype:trojan-activity;sid:84719432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856333)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856333/; classtype:trojan-activity;sid:84719433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856334)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856334/; classtype:trojan-activity;sid:84719434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856335)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.87.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856335/; classtype:trojan-activity;sid:84719435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856327)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856327/; classtype:trojan-activity;sid:84719427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856325)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856325/; classtype:trojan-activity;sid:84719425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856326)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856326/; classtype:trojan-activity;sid:84719426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856322)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856322/; classtype:trojan-activity;sid:84719422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856323)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856323/; classtype:trojan-activity;sid:84719423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856319)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856319/; classtype:trojan-activity;sid:84719419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856321)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856321/; classtype:trojan-activity;sid:84719421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856315)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856315/; classtype:trojan-activity;sid:84719415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856316)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856316/; classtype:trojan-activity;sid:84719416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856314)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.194.92.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856314/; classtype:trojan-activity;sid:84719414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856302)"; flow:established,from_client; content:"GET"; http_method; content:"/tplink/arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856302/; classtype:trojan-activity;sid:84719402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.68.249.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_31; reference:url, urlhaus.abuse.ch/url/3856177/; classtype:trojan-activity;sid:84719277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3856053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3856053/; classtype:trojan-activity;sid:84719153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855913)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855913/; classtype:trojan-activity;sid:84719013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855816)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855816/; classtype:trojan-activity;sid:84718916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855674)"; flow:established,from_client; content:"GET"; http_method; content:"/files/install.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"192.253.248.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855674/; classtype:trojan-activity;sid:84718774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855636)"; flow:established,from_client; content:"GET"; http_method; content:"/cook"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vanta.st"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_30; reference:url, urlhaus.abuse.ch/url/3855636/; classtype:trojan-activity;sid:84718736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855453/; classtype:trojan-activity;sid:84718553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855450/; classtype:trojan-activity;sid:84718550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855303)"; flow:established,from_client; content:"GET"; http_method; content:"/lb15.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855303/; classtype:trojan-activity;sid:84718403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855307)"; flow:established,from_client; content:"GET"; http_method; content:"/lb16.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855307/; classtype:trojan-activity;sid:84718407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855308)"; flow:established,from_client; content:"GET"; http_method; content:"/lb14.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855308/; classtype:trojan-activity;sid:84718408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855300)"; flow:established,from_client; content:"GET"; http_method; content:"/lb17.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855300/; classtype:trojan-activity;sid:84718400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855301)"; flow:established,from_client; content:"GET"; http_method; content:"/lb20.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855301/; classtype:trojan-activity;sid:84718401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855296)"; flow:established,from_client; content:"GET"; http_method; content:"/lb19.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855296/; classtype:trojan-activity;sid:84718396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855297)"; flow:established,from_client; content:"GET"; http_method; content:"/lb18.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855297/; classtype:trojan-activity;sid:84718397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855292)"; flow:established,from_client; content:"GET"; http_method; content:"/lb11.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855292/; classtype:trojan-activity;sid:84718392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855293)"; flow:established,from_client; content:"GET"; http_method; content:"/lb12.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855293/; classtype:trojan-activity;sid:84718393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855294)"; flow:established,from_client; content:"GET"; http_method; content:"/lb13.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855294/; classtype:trojan-activity;sid:84718394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3855191)"; flow:established,from_client; content:"GET"; http_method; content:"/stego_payload.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"ritubohara.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_29; reference:url, urlhaus.abuse.ch/url/3855191/; classtype:trojan-activity;sid:84718291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854907)"; flow:established,from_client; content:"GET"; http_method; content:"/main_sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.26.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854907/; classtype:trojan-activity;sid:84718007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854906)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.26.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854906/; classtype:trojan-activity;sid:84718006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854899)"; flow:established,from_client; content:"GET"; http_method; content:"/main_ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.26.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854899/; classtype:trojan-activity;sid:84717999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854900)"; flow:established,from_client; content:"GET"; http_method; content:"/main_arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.141.26.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854900/; classtype:trojan-activity;sid:84718000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854904)"; flow:established,from_client; content:"GET"; http_method; content:"/main_mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.141.26.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854904/; classtype:trojan-activity;sid:84718004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854905)"; flow:established,from_client; content:"GET"; http_method; content:"/main_x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.141.26.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854905/; classtype:trojan-activity;sid:84718005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854800)"; flow:established,from_client; content:"GET"; http_method; content:"/k"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.135.9.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854800/; classtype:trojan-activity;sid:84717900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854799)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.45.68.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854799/; classtype:trojan-activity;sid:84717899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854798)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"103.45.68.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854798/; classtype:trojan-activity;sid:84717898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.15.124.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854512/; classtype:trojan-activity;sid:84717612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.240.165.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854444/; classtype:trojan-activity;sid:84717544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.240.165.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_28; reference:url, urlhaus.abuse.ch/url/3854436/; classtype:trojan-activity;sid:84717536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854182)"; flow:established,from_client; content:"GET"; http_method; content:"/system1.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854182/; classtype:trojan-activity;sid:84717282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854181)"; flow:established,from_client; content:"GET"; http_method; content:"/cabeto850128/comicsam/refs/heads/main/kisbj4ddvg.pif"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854181/; classtype:trojan-activity;sid:84717281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854179)"; flow:established,from_client; content:"GET"; http_method; content:"/cabeto850128/comicsam/refs/heads/main/cdbhhfa.html"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854179/; classtype:trojan-activity;sid:84717279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854177)"; flow:established,from_client; content:"GET"; http_method; content:"/system.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"64.89.160.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854177/; classtype:trojan-activity;sid:84717277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854174)"; flow:established,from_client; content:"GET"; http_method; content:"/b1/enix.r"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"153.80.242.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854174/; classtype:trojan-activity;sid:84717274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854173)"; flow:established,from_client; content:"GET"; http_method; content:"/xawk.r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"nitrogateway.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854173/; classtype:trojan-activity;sid:84717273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854169)"; flow:established,from_client; content:"GET"; http_method; content:"/vzuk.ocx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"153.80.242.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854169/; classtype:trojan-activity;sid:84717269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854170)"; flow:established,from_client; content:"GET"; http_method; content:"/vzuk.ocx"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"nitrogateway.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854170/; classtype:trojan-activity;sid:84717270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854171)"; flow:established,from_client; content:"GET"; http_method; content:"/b1/enix.r"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"nitrogateway.digital"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854171/; classtype:trojan-activity;sid:84717271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854172)"; flow:established,from_client; content:"GET"; http_method; content:"/xawk.r"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.80.242.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854172/; classtype:trojan-activity;sid:84717272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854158)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/ab/refs/heads/main/adkksfa.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854158/; classtype:trojan-activity;sid:84717258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854146)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/gt/refs/heads/main/djkpodd.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854146/; classtype:trojan-activity;sid:84717246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854142)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/nb/refs/heads/main/srdmaik.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854142/; classtype:trojan-activity;sid:84717242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854143)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/hy/refs/heads/main/cabdcfo.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854143/; classtype:trojan-activity;sid:84717243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854144)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/df/refs/heads/main/oicajon.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854144/; classtype:trojan-activity;sid:84717244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854145)"; flow:established,from_client; content:"GET"; http_method; content:"/slaytonms/hi/refs/heads/main/peokjfs.txt"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854145/; classtype:trojan-activity;sid:84717245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854013)"; flow:established,from_client; content:"GET"; http_method; content:"/dec"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.182.98.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854013/; classtype:trojan-activity;sid:84717113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854014)"; flow:established,from_client; content:"GET"; http_method; content:"/dec"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.70.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854014/; classtype:trojan-activity;sid:84717114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854008)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.182.98.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854008/; classtype:trojan-activity;sid:84717108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3854009)"; flow:established,from_client; content:"GET"; http_method; content:"/mig"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.8.70.117"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3854009/; classtype:trojan-activity;sid:84717109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853721)"; flow:established,from_client; content:"GET"; http_method; content:"/mailrealfedex-svga/uploader/raw/refs/heads/main/finale.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_27; reference:url, urlhaus.abuse.ch/url/3853721/; classtype:trojan-activity;sid:84716821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.71.131.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853625/; classtype:trojan-activity;sid:84716725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853450)"; flow:established,from_client; content:"GET"; http_method; content:"/callm743/gridlesssekai-retro/main/bernardine/gridless-sekai-retro-v3.0-alpha.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853450/; classtype:trojan-activity;sid:84716550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853353)"; flow:established,from_client; content:"GET"; http_method; content:"/lb9.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853353/; classtype:trojan-activity;sid:84716453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853354)"; flow:established,from_client; content:"GET"; http_method; content:"/lb10.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853354/; classtype:trojan-activity;sid:84716454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853347)"; flow:established,from_client; content:"GET"; http_method; content:"/lb8.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853347/; classtype:trojan-activity;sid:84716447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853348)"; flow:established,from_client; content:"GET"; http_method; content:"/lb4.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853348/; classtype:trojan-activity;sid:84716448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853349)"; flow:established,from_client; content:"GET"; http_method; content:"/lb6.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853349/; classtype:trojan-activity;sid:84716449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853350)"; flow:established,from_client; content:"GET"; http_method; content:"/lb7.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853350/; classtype:trojan-activity;sid:84716450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853351)"; flow:established,from_client; content:"GET"; http_method; content:"/lb5.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853351/; classtype:trojan-activity;sid:84716451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853343)"; flow:established,from_client; content:"GET"; http_method; content:"/lb1.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853343/; classtype:trojan-activity;sid:84716443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853344)"; flow:established,from_client; content:"GET"; http_method; content:"/lb3.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853344/; classtype:trojan-activity;sid:84716444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853345)"; flow:established,from_client; content:"GET"; http_method; content:"/lb2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853345/; classtype:trojan-activity;sid:84716445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853315)"; flow:established,from_client; content:"GET"; http_method; content:"/load/hjbk.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853315/; classtype:trojan-activity;sid:84716415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853312)"; flow:established,from_client; content:"GET"; http_method; content:"/load/kythy.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853312/; classtype:trojan-activity;sid:84716412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853311)"; flow:established,from_client; content:"GET"; http_method; content:"/load/ojujn.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853311/; classtype:trojan-activity;sid:84716411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853309)"; flow:established,from_client; content:"GET"; http_method; content:"/load/kliulij.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853309/; classtype:trojan-activity;sid:84716409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853303)"; flow:established,from_client; content:"GET"; http_method; content:"/load/bjbh.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853303/; classtype:trojan-activity;sid:84716403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853306)"; flow:established,from_client; content:"GET"; http_method; content:"/load/hnmh.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853306/; classtype:trojan-activity;sid:84716406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853299)"; flow:established,from_client; content:"GET"; http_method; content:"/load/jhgkuyyg.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"5.252.155.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853299/; classtype:trojan-activity;sid:84716399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.71.131.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_26; reference:url, urlhaus.abuse.ch/url/3853273/; classtype:trojan-activity;sid:84716373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853153)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/refs/heads/main/cryp2_cvtres.txt"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853153/; classtype:trojan-activity;sid:84716253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853148)"; flow:established,from_client; content:"GET"; http_method; content:"/respalditoxd122/cmd/refs/heads/main/tumfuf.txt"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853148/; classtype:trojan-activity;sid:84716248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853085)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853085/; classtype:trojan-activity;sid:84716185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853086)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853086/; classtype:trojan-activity;sid:84716186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853082)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853082/; classtype:trojan-activity;sid:84716182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853083)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853083/; classtype:trojan-activity;sid:84716183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3853084)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"2.27.20.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3853084/; classtype:trojan-activity;sid:84716184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.230.141.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852888/; classtype:trojan-activity;sid:84715988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852866)"; flow:established,from_client; content:"GET"; http_method; content:"/bluefix.mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852866/; classtype:trojan-activity;sid:84715966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852867)"; flow:established,from_client; content:"GET"; http_method; content:"/bluefix.aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852867/; classtype:trojan-activity;sid:84715967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852869)"; flow:established,from_client; content:"GET"; http_method; content:"/bluefix.powerpc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852869/; classtype:trojan-activity;sid:84715969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852870)"; flow:established,from_client; content:"GET"; http_method; content:"/bluefix.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852870/; classtype:trojan-activity;sid:84715970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852865)"; flow:established,from_client; content:"GET"; http_method; content:"/bluefix.armv7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852865/; classtype:trojan-activity;sid:84715965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852863)"; flow:established,from_client; content:"GET"; http_method; content:"/bluefix.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852863/; classtype:trojan-activity;sid:84715963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852846)"; flow:established,from_client; content:"GET"; http_method; content:"/itachiccnts-collab/donuthacks/main/gamble-rig%201.21.jar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852846/; classtype:trojan-activity;sid:84715946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.106.241.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852725/; classtype:trojan-activity;sid:84715825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.106.241.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852719/; classtype:trojan-activity;sid:84715819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852707)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852707/; classtype:trojan-activity;sid:84715807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852708)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852708/; classtype:trojan-activity;sid:84715808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852709)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.m68k"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852709/; classtype:trojan-activity;sid:84715809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852712)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852712/; classtype:trojan-activity;sid:84715812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852713)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.arc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852713/; classtype:trojan-activity;sid:84715813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852714)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852714/; classtype:trojan-activity;sid:84715814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852715)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852715/; classtype:trojan-activity;sid:84715815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852716)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852716/; classtype:trojan-activity;sid:84715816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852717)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852717/; classtype:trojan-activity;sid:84715817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852704)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852704/; classtype:trojan-activity;sid:84715804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852705)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852705/; classtype:trojan-activity;sid:84715805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852706)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852706/; classtype:trojan-activity;sid:84715806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852675)"; flow:established,from_client; content:"GET"; http_method; content:"/nuclear.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_25; reference:url, urlhaus.abuse.ch/url/3852675/; classtype:trojan-activity;sid:84715775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"static.210.112.105.178.clients.your-server.de"; http_host; depth:45; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852636/; classtype:trojan-activity;sid:84715736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.105.112.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852633/; classtype:trojan-activity;sid:84715733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852634)"; flow:established,from_client; content:"GET"; http_method; content:"/o.xml"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.105.112.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852634/; classtype:trojan-activity;sid:84715734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852536)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852536/; classtype:trojan-activity;sid:84715636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852537)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852537/; classtype:trojan-activity;sid:84715637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852538)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852538/; classtype:trojan-activity;sid:84715638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852540)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852540/; classtype:trojan-activity;sid:84715640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852541)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852541/; classtype:trojan-activity;sid:84715641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852542)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852542/; classtype:trojan-activity;sid:84715642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852534)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852534/; classtype:trojan-activity;sid:84715634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852530)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852530/; classtype:trojan-activity;sid:84715630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852531)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852531/; classtype:trojan-activity;sid:84715631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852532)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852532/; classtype:trojan-activity;sid:84715632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852533)"; flow:established,from_client; content:"GET"; http_method; content:"/wife.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.65.139.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852533/; classtype:trojan-activity;sid:84715633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852524)"; flow:established,from_client; content:"GET"; http_method; content:"/linnn"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852524/; classtype:trojan-activity;sid:84715624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852523)"; flow:established,from_client; content:"GET"; http_method; content:"/lll"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852523/; classtype:trojan-activity;sid:84715623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852462)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852462/; classtype:trojan-activity;sid:84715562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852460)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852460/; classtype:trojan-activity;sid:84715560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852461)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852461/; classtype:trojan-activity;sid:84715561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852456)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852456/; classtype:trojan-activity;sid:84715556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.185.147.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852387/; classtype:trojan-activity;sid:84715487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.129.184.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852319/; classtype:trojan-activity;sid:84715419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.129.184.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_24; reference:url, urlhaus.abuse.ch/url/3852315/; classtype:trojan-activity;sid:84715415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852204)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.36.124.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_23; reference:url, urlhaus.abuse.ch/url/3852204/; classtype:trojan-activity;sid:84715304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3852112)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_a6357da6a05d7266.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_23; reference:url, urlhaus.abuse.ch/url/3852112/; classtype:trojan-activity;sid:84715212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.252.87.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_22; reference:url, urlhaus.abuse.ch/url/3851770/; classtype:trojan-activity;sid:84714870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851718)"; flow:established,from_client; content:"GET"; http_method; content:"/rem"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vanta.st"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_22; reference:url, urlhaus.abuse.ch/url/3851718/; classtype:trojan-activity;sid:84714818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851341)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p6ct81hwfslgfjlgpg8tn-8afd8q2cx4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_05_21; reference:url, urlhaus.abuse.ch/url/3851341/; classtype:trojan-activity;sid:84714441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3851338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.252.87.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_21; reference:url, urlhaus.abuse.ch/url/3851338/; classtype:trojan-activity;sid:84714438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.170.120.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850994/; classtype:trojan-activity;sid:84714094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.183.254.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850976/; classtype:trojan-activity;sid:84714076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.225.67.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850974/; classtype:trojan-activity;sid:84714074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.229.20.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850975/; classtype:trojan-activity;sid:84714075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.43.75.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850968/; classtype:trojan-activity;sid:84714068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850962/; classtype:trojan-activity;sid:84714062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850953/; classtype:trojan-activity;sid:84714053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850950/; classtype:trojan-activity;sid:84714050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.218.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850947/; classtype:trojan-activity;sid:84714047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.250.157.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850936/; classtype:trojan-activity;sid:84714036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.102.89.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850938/; classtype:trojan-activity;sid:84714038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.203.86.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850941/; classtype:trojan-activity;sid:84714041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.46.73.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850942/; classtype:trojan-activity;sid:84714042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.114.239.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850943/; classtype:trojan-activity;sid:84714043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.62.41.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850914/; classtype:trojan-activity;sid:84714014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.58.73.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850928/; classtype:trojan-activity;sid:84714028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850911/; classtype:trojan-activity;sid:84714011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850898)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.61.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850898/; classtype:trojan-activity;sid:84713998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850887)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.66.64.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850887/; classtype:trojan-activity;sid:84713987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850882)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.85.90"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850882/; classtype:trojan-activity;sid:84713982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850878)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.81.12"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850878/; classtype:trojan-activity;sid:84713978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850874)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850874/; classtype:trojan-activity;sid:84713974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850869)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.25.2.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850869/; classtype:trojan-activity;sid:84713969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850872)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.61.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850872/; classtype:trojan-activity;sid:84713972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850873)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.66.64.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850873/; classtype:trojan-activity;sid:84713973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850865)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.212.61.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850865/; classtype:trojan-activity;sid:84713965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850861)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.32.179.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850861/; classtype:trojan-activity;sid:84713961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850862)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.89.92"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850862/; classtype:trojan-activity;sid:84713962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850863)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"79.1.229.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850863/; classtype:trojan-activity;sid:84713963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850864)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.29.186.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850864/; classtype:trojan-activity;sid:84713964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850859)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.203.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850859/; classtype:trojan-activity;sid:84713959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850842)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"136.233.149.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850842/; classtype:trojan-activity;sid:84713942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850838)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.25.2.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850838/; classtype:trojan-activity;sid:84713938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850840)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850840/; classtype:trojan-activity;sid:84713940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850837)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850837/; classtype:trojan-activity;sid:84713937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850834)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"123.210.131.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850834/; classtype:trojan-activity;sid:84713934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850826)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.54.96.91"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850826/; classtype:trojan-activity;sid:84713926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850830)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.66.64.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850830/; classtype:trojan-activity;sid:84713930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850824)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850824/; classtype:trojan-activity;sid:84713924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850821)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.25.2.23"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850821/; classtype:trojan-activity;sid:84713921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850818)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850818/; classtype:trojan-activity;sid:84713918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850570)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850570/; classtype:trojan-activity;sid:84713670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850571/; classtype:trojan-activity;sid:84713671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850572)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850572/; classtype:trojan-activity;sid:84713672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850573)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850573/; classtype:trojan-activity;sid:84713673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850574)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850574/; classtype:trojan-activity;sid:84713674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850575)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850575/; classtype:trojan-activity;sid:84713675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850576)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850576/; classtype:trojan-activity;sid:84713676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850577)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.arm4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850577/; classtype:trojan-activity;sid:84713677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850578)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850578/; classtype:trojan-activity;sid:84713678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850579)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850579/; classtype:trojan-activity;sid:84713679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850580)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850580/; classtype:trojan-activity;sid:84713680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850581)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850581/; classtype:trojan-activity;sid:84713681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850582)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850582/; classtype:trojan-activity;sid:84713682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850583)"; flow:established,from_client; content:"GET"; http_method; content:"/prism.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"102.220.160.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850583/; classtype:trojan-activity;sid:84713683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850356)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_20; reference:url, urlhaus.abuse.ch/url/3850356/; classtype:trojan-activity;sid:84713456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850276)"; flow:established,from_client; content:"GET"; http_method; content:"/12/a"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850276/; classtype:trojan-activity;sid:84713376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850266)"; flow:established,from_client; content:"GET"; http_method; content:"/7/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850266/; classtype:trojan-activity;sid:84713366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850263)"; flow:established,from_client; content:"GET"; http_method; content:"/8/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850263/; classtype:trojan-activity;sid:84713363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850261)"; flow:established,from_client; content:"GET"; http_method; content:"/4/a"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"130.12.180.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850261/; classtype:trojan-activity;sid:84713361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850200)"; flow:established,from_client; content:"GET"; http_method; content:"/meow/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.42.100.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850200/; classtype:trojan-activity;sid:84713300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3850067)"; flow:established,from_client; content:"GET"; http_method; content:"/whatever.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3850067/; classtype:trojan-activity;sid:84713167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849922)"; flow:established,from_client; content:"GET"; http_method; content:"/djmay.png"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"crescentegramas.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849922/; classtype:trojan-activity;sid:84713022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849869)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849869/; classtype:trojan-activity;sid:84712969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849870)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849870/; classtype:trojan-activity;sid:84712970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849871)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849871/; classtype:trojan-activity;sid:84712971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849872)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv5l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849872/; classtype:trojan-activity;sid:84712972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849873)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849873/; classtype:trojan-activity;sid:84712973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849874)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849874/; classtype:trojan-activity;sid:84712974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849875)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849875/; classtype:trojan-activity;sid:84712975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849877)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849877/; classtype:trojan-activity;sid:84712977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849878)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/dlr.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_19; reference:url, urlhaus.abuse.ch/url/3849878/; classtype:trojan-activity;sid:84712978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849687)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849687/; classtype:trojan-activity;sid:84712787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849688)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849688/; classtype:trojan-activity;sid:84712788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849689)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849689/; classtype:trojan-activity;sid:84712789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849686)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849686/; classtype:trojan-activity;sid:84712786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849685)"; flow:established,from_client; content:"GET"; http_method; content:"/clean"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849685/; classtype:trojan-activity;sid:84712785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849675)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.46.136.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849675/; classtype:trojan-activity;sid:84712775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849535)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849535/; classtype:trojan-activity;sid:84712635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849529)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849529/; classtype:trojan-activity;sid:84712629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849530)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849530/; classtype:trojan-activity;sid:84712630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849525/; classtype:trojan-activity;sid:84712625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849526)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849526/; classtype:trojan-activity;sid:84712626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849518)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849518/; classtype:trojan-activity;sid:84712618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849505)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849505/; classtype:trojan-activity;sid:84712605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849506)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849506/; classtype:trojan-activity;sid:84712606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849509)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849509/; classtype:trojan-activity;sid:84712609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849511)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849511/; classtype:trojan-activity;sid:84712611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849512)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849512/; classtype:trojan-activity;sid:84712612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849502)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849502/; classtype:trojan-activity;sid:84712602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849503)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849503/; classtype:trojan-activity;sid:84712603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849498)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849498/; classtype:trojan-activity;sid:84712598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849494)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849494/; classtype:trojan-activity;sid:84712594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849492)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849492/; classtype:trojan-activity;sid:84712592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849490)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849490/; classtype:trojan-activity;sid:84712590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849484)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849484/; classtype:trojan-activity;sid:84712584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849485/; classtype:trojan-activity;sid:84712585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849479)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849479/; classtype:trojan-activity;sid:84712579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849468)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849468/; classtype:trojan-activity;sid:84712568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849463)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849463/; classtype:trojan-activity;sid:84712563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849459)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849459/; classtype:trojan-activity;sid:84712559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849455)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849455/; classtype:trojan-activity;sid:84712555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849452)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849452/; classtype:trojan-activity;sid:84712552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849441)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849441/; classtype:trojan-activity;sid:84712541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849440)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849440/; classtype:trojan-activity;sid:84712540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849431)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849431/; classtype:trojan-activity;sid:84712531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849435)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849435/; classtype:trojan-activity;sid:84712535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849411)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849411/; classtype:trojan-activity;sid:84712511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849412)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849412/; classtype:trojan-activity;sid:84712512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849414)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849414/; classtype:trojan-activity;sid:84712514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849404)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849404/; classtype:trojan-activity;sid:84712504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849408)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849408/; classtype:trojan-activity;sid:84712508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849392)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849392/; classtype:trojan-activity;sid:84712492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849393)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849393/; classtype:trojan-activity;sid:84712493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849394)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849394/; classtype:trojan-activity;sid:84712494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849398)"; flow:established,from_client; content:"GET"; http_method; content:"/tp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849398/; classtype:trojan-activity;sid:84712498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849388/; classtype:trojan-activity;sid:84712488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849389)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849389/; classtype:trojan-activity;sid:84712489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849384)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849384/; classtype:trojan-activity;sid:84712484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849386)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849386/; classtype:trojan-activity;sid:84712486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849387)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849387/; classtype:trojan-activity;sid:84712487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849379)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849379/; classtype:trojan-activity;sid:84712479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849381)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cliftycreek.anondns.net"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_05_18; reference:url, urlhaus.abuse.ch/url/3849381/; classtype:trojan-activity;sid:84712481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849034)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849034/; classtype:trojan-activity;sid:84712134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849023)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849023/; classtype:trojan-activity;sid:84712123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849024)"; flow:established,from_client; content:"GET"; http_method; content:"/armhf"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849024/; classtype:trojan-activity;sid:84712124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849025)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849025/; classtype:trojan-activity;sid:84712125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849026)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849026/; classtype:trojan-activity;sid:84712126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849027)"; flow:established,from_client; content:"GET"; http_method; content:"/aarch64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849027/; classtype:trojan-activity;sid:84712127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849028)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849028/; classtype:trojan-activity;sid:84712128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849029)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849029/; classtype:trojan-activity;sid:84712129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849030)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849030/; classtype:trojan-activity;sid:84712130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849031)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849031/; classtype:trojan-activity;sid:84712131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849032)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849032/; classtype:trojan-activity;sid:84712132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849033)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.95.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849033/; classtype:trojan-activity;sid:84712133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3849012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.35.228.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3849012/; classtype:trojan-activity;sid:84712112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848694)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.152.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848694/; classtype:trojan-activity;sid:84711794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848495)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"31.58.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848495/; classtype:trojan-activity;sid:84711595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3848486)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.58.226.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_17; reference:url, urlhaus.abuse.ch/url/3848486/; classtype:trojan-activity;sid:84711586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847944)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"27.124.17.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847944/; classtype:trojan-activity;sid:84711044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847934)"; flow:established,from_client; content:"GET"; http_method; content:"/1.dll"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"27.124.17.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847934/; classtype:trojan-activity;sid:84711034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847745/; classtype:trojan-activity;sid:84710845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.166.248.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847743/; classtype:trojan-activity;sid:84710843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847684)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847684/; classtype:trojan-activity;sid:84710784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847682)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847682/; classtype:trojan-activity;sid:84710782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847683)"; flow:established,from_client; content:"GET"; http_method; content:"/isass.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"134.122.189.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847683/; classtype:trojan-activity;sid:84710783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847641)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847641/; classtype:trojan-activity;sid:84710741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847643)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.198.224.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_16; reference:url, urlhaus.abuse.ch/url/3847643/; classtype:trojan-activity;sid:84710743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847406)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847406/; classtype:trojan-activity;sid:84710506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847407)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847407/; classtype:trojan-activity;sid:84710507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847409)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847409/; classtype:trojan-activity;sid:84710509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847410)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847410/; classtype:trojan-activity;sid:84710510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847411)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847411/; classtype:trojan-activity;sid:84710511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847401)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847401/; classtype:trojan-activity;sid:84710501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847402)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847402/; classtype:trojan-activity;sid:84710502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847403)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847403/; classtype:trojan-activity;sid:84710503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847404)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847404/; classtype:trojan-activity;sid:84710504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847405)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847405/; classtype:trojan-activity;sid:84710505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847389)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/trans.sh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847389/; classtype:trojan-activity;sid:84710489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847341)"; flow:established,from_client; content:"GET"; http_method; content:"/.x/sys_users"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"13.71.2.244"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847341/; classtype:trojan-activity;sid:84710441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847340)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_b584670f7ec2f317.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847340/; classtype:trojan-activity;sid:84710440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847339)"; flow:established,from_client; content:"GET"; http_method; content:"/file123"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vanta.st"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847339/; classtype:trojan-activity;sid:84710439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847261)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847261/; classtype:trojan-activity;sid:84710361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847259)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847259/; classtype:trojan-activity;sid:84710359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847260)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847260/; classtype:trojan-activity;sid:84710360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847254)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847254/; classtype:trojan-activity;sid:84710354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847255)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847255/; classtype:trojan-activity;sid:84710355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847256)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847256/; classtype:trojan-activity;sid:84710356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847257)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847257/; classtype:trojan-activity;sid:84710357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847258)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.202.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847258/; classtype:trojan-activity;sid:84710358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.221.222.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847230/; classtype:trojan-activity;sid:84710330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3847114)"; flow:established,from_client; content:"GET"; http_method; content:"/12.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_15; reference:url, urlhaus.abuse.ch/url/3847114/; classtype:trojan-activity;sid:84710214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.221.222.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846936/; classtype:trojan-activity;sid:84710036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846859)"; flow:established,from_client; content:"GET"; http_method; content:"/21.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.12.182.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846859/; classtype:trojan-activity;sid:84709959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846755)"; flow:established,from_client; content:"GET"; http_method; content:"/.smart/premium.mp4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"eventsyouwant.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846755/; classtype:trojan-activity;sid:84709855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846741)"; flow:established,from_client; content:"GET"; http_method; content:"/wner/img_054845.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"apparelgate.co.uk"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846741/; classtype:trojan-activity;sid:84709841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846716)"; flow:established,from_client; content:"GET"; http_method; content:"/files-129312398/files/file_c0d2eb6a8b73120b.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846716/; classtype:trojan-activity;sid:84709816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846683)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/scsi_tmf_0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846683/; classtype:trojan-activity;sid:84709783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846684)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/cfg80211d"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846684/; classtype:trojan-activity;sid:84709784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/edac_polld"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846685/; classtype:trojan-activity;sid:84709785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846686)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xfsaild_sda"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846686/; classtype:trojan-activity;sid:84709786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/devfreq_wq"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846676/; classtype:trojan-activity;sid:84709776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846677)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jbd2_sda1d"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846677/; classtype:trojan-activity;sid:84709777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846678)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ksoftirqd0"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846678/; classtype:trojan-activity;sid:84709778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846679)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kblockd0"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846679/; classtype:trojan-activity;sid:84709779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846681)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/rcuop_0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846681/; classtype:trojan-activity;sid:84709781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846682)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kworker_u8"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846682/; classtype:trojan-activity;sid:84709782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846674)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ecryptfsd"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846674/; classtype:trojan-activity;sid:84709774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846675)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kswapd0"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846675/; classtype:trojan-activity;sid:84709775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846673)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/zswap_shrinkd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"150.40.126.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846673/; classtype:trojan-activity;sid:84709773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846558)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_14; reference:url, urlhaus.abuse.ch/url/3846558/; classtype:trojan-activity;sid:84709658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"212.232.22.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846318/; classtype:trojan-activity;sid:84709418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"46.151.182.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846316/; classtype:trojan-activity;sid:84709416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"212.232.22.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846317/; classtype:trojan-activity;sid:84709417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.151.182.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846315/; classtype:trojan-activity;sid:84709415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846232)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest0071154z7.png"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846232/; classtype:trojan-activity;sid:84709332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846231)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest00711z5.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846231/; classtype:trojan-activity;sid:84709331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846228)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest0093t536.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846228/; classtype:trojan-activity;sid:84709328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846229)"; flow:established,from_client; content:"GET"; http_method; content:"/imagecab001.png"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846229/; classtype:trojan-activity;sid:84709329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846230)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetext0117z45.png"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846230/; classtype:trojan-activity;sid:84709330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3846217)"; flow:established,from_client; content:"GET"; http_method; content:"/mdclient.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_13; reference:url, urlhaus.abuse.ch/url/3846217/; classtype:trojan-activity;sid:84709317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845101)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845101/; classtype:trojan-activity;sid:84708201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3845048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.88.191.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_12; reference:url, urlhaus.abuse.ch/url/3845048/; classtype:trojan-activity;sid:84708148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.113.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843177/; classtype:trojan-activity;sid:84706277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3843163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.113.186.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_09; reference:url, urlhaus.abuse.ch/url/3843163/; classtype:trojan-activity;sid:84706263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841856)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetest001.png"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_08; reference:url, urlhaus.abuse.ch/url/3841856/; classtype:trojan-activity;sid:84704956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3841120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.231.7.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_07; reference:url, urlhaus.abuse.ch/url/3841120/; classtype:trojan-activity;sid:84704220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840811)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=11.msi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"bafybeibh6u74fuvyazqu2q7y6pginkxprjurxchgfshwigrs5y77qcbj6i.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840811/; classtype:trojan-activity;sid:84703911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840659)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840659/; classtype:trojan-activity;sid:84703759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840660)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840660/; classtype:trojan-activity;sid:84703760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kla.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840654/; classtype:trojan-activity;sid:84703754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840655)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840655/; classtype:trojan-activity;sid:84703755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840656/; classtype:trojan-activity;sid:84703756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840658)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840658/; classtype:trojan-activity;sid:84703758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840538)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840538/; classtype:trojan-activity;sid:84703638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3840540)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.32.41.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_05_06; reference:url, urlhaus.abuse.ch/url/3840540/; classtype:trojan-activity;sid:84703640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839660)"; flow:established,from_client; content:"GET"; http_method; content:"/fo4translator.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.233.113.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839660/; classtype:trojan-activity;sid:84702760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3839430)"; flow:established,from_client; content:"GET"; http_method; content:"/kikimora-arch/solid-doodle/releases/download/realease/kikikmoralibrary.exe"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_05; reference:url, urlhaus.abuse.ch/url/3839430/; classtype:trojan-activity;sid:84702530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.116.56.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838932/; classtype:trojan-activity;sid:84702032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.244.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838558/; classtype:trojan-activity;sid:84701658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3838549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.244.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_04; reference:url, urlhaus.abuse.ch/url/3838549/; classtype:trojan-activity;sid:84701649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.243.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837298/; classtype:trojan-activity;sid:84700398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.92.243.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837295/; classtype:trojan-activity;sid:84700395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.92.243.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837292/; classtype:trojan-activity;sid:84700392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.55.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837233/; classtype:trojan-activity;sid:84700333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.55.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837229/; classtype:trojan-activity;sid:84700329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837226/; classtype:trojan-activity;sid:84700326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"178.16.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837223/; classtype:trojan-activity;sid:84700323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3837221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3837221/; classtype:trojan-activity;sid:84700321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836948/; classtype:trojan-activity;sid:84700048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.228.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_05_02; reference:url, urlhaus.abuse.ch/url/3836936/; classtype:trojan-activity;sid:84700036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836242)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836242/; classtype:trojan-activity;sid:84699342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836232)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/rajendra-github-io-1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836232/; classtype:trojan-activity;sid:84699332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836233)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836233/; classtype:trojan-activity;sid:84699333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836228)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/raw/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836228/; classtype:trojan-activity;sid:84699328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836224)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836224/; classtype:trojan-activity;sid:84699324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836226)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/rajendra2604.github.io/refs/heads/main/hypereutectoid/io-github-rajendra-collectivize.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836226/; classtype:trojan-activity;sid:84699326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836221)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/agents_for_a_kanban_1.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836221/; classtype:trojan-activity;sid:84699321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836222)"; flow:established,from_client; content:"GET"; http_method; content:"/rajendra2604/kanban-for-ai-agents/raw/refs/heads/main/amphitheatrically/kanban-agents-a-for-3.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836222/; classtype:trojan-activity;sid:84699322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836190)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/uploadproject/refs/heads/main/colours/upload-project-v1.7.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836190/; classtype:trojan-activity;sid:84699290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836187)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/asherfn.github.io/raw/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836187/; classtype:trojan-activity;sid:84699287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836188)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/nightops-drop/raw/refs/heads/main/loggat/nightops_drop_2.6.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836188/; classtype:trojan-activity;sid:84699288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836177)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/uploadproject/raw/refs/heads/main/colours/upload-project-v1.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836177/; classtype:trojan-activity;sid:84699277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836180)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/spotify-project/raw/refs/heads/main/project/project_spotify_1.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836180/; classtype:trojan-activity;sid:84699280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836182)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/guru-bot/raw/refs/heads/main/guru/bot_gur_pilgrimatical.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836182/; classtype:trojan-activity;sid:84699282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836183)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/asherfn.github.io/refs/heads/main/swankily/io-asherfn-github-3.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836183/; classtype:trojan-activity;sid:84699283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836184)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/spotify-project/refs/heads/main/project/project_spotify_1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836184/; classtype:trojan-activity;sid:84699284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836185)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/acadex-ai-google-deepmind/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836185/; classtype:trojan-activity;sid:84699285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836170)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/teamkura1.github.io/refs/heads/main/barreler/teamkura_io_github_v1.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836170/; classtype:trojan-activity;sid:84699270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836171)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/paimon-cpp/raw/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836171/; classtype:trojan-activity;sid:84699271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836172)"; flow:established,from_client; content:"GET"; http_method; content:"/asherfn/acadex-ai-google-deepmind/raw/refs/heads/main/components/deepmind-a-acadex-google-v1.8-alpha.4.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836172/; classtype:trojan-activity;sid:84699272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836173)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/servicemesh-istio-demo/raw/refs/heads/main/customer-service/src/main/java/servicemesh_istio_demo_2.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836173/; classtype:trojan-activity;sid:84699273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836174)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/devbar/refs/heads/main/prediplomatic/software-v3.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836174/; classtype:trojan-activity;sid:84699274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836175)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/rockspeeder.github.io/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836175/; classtype:trojan-activity;sid:84699275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836176)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/flash-md/raw/refs/heads/main/bdd/md-flash-v3.6.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836176/; classtype:trojan-activity;sid:84699276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836163)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/khonneymann.github.io/raw/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836163/; classtype:trojan-activity;sid:84699263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836165)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/nightops-drop/refs/heads/main/loggat/nightops_drop_2.6.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836165/; classtype:trojan-activity;sid:84699265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836166)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/rockspeeder.github.io/raw/refs/heads/main/geognost/rockspeeder_github_io_v1.9.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836166/; classtype:trojan-activity;sid:84699266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836167)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/paimon-cpp/refs/heads/main/conspirant/cpp-paimon-v1.9-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836167/; classtype:trojan-activity;sid:84699267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836168)"; flow:established,from_client; content:"GET"; http_method; content:"/thejangs2/zigantic/refs/heads/main/docs/.vitepress/software_v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836168/; classtype:trojan-activity;sid:84699268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836160)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/employees-fullstack/refs/heads/main/angular-frontend/employees-ui/src/app/features/fullstack_employees_v2.7.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836160/; classtype:trojan-activity;sid:84699260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836161)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/flash-md/refs/heads/main/bdd/md-flash-v3.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836161/; classtype:trojan-activity;sid:84699261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836156)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/guru-bot/refs/heads/main/guru/bot_gur_pilgrimatical.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836156/; classtype:trojan-activity;sid:84699256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836157)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/bradorahacker001.github.io/refs/heads/main/nasopharyngeal/github-bradorahacker-io-v1.0.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836157/; classtype:trojan-activity;sid:84699257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836158)"; flow:established,from_client; content:"GET"; http_method; content:"/thejangs2/zigantic/raw/refs/heads/main/docs/.vitepress/software_v3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836158/; classtype:trojan-activity;sid:84699258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836150)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/employees-fullstack/raw/refs/heads/main/angular-frontend/employees-ui/src/app/features/fullstack_employees_v2.7.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836150/; classtype:trojan-activity;sid:84699250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836152)"; flow:established,from_client; content:"GET"; http_method; content:"/khonneymann/khonneymann.github.io/refs/heads/main/ourselves/khonneymann_io_github_1.1.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836152/; classtype:trojan-activity;sid:84699252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836153)"; flow:established,from_client; content:"GET"; http_method; content:"/bradorahacker001/bradorahacker001.github.io/raw/refs/heads/main/nasopharyngeal/github-bradorahacker-io-v1.0.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836153/; classtype:trojan-activity;sid:84699253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836154)"; flow:established,from_client; content:"GET"; http_method; content:"/shaswat0/servicemesh-istio-demo/refs/heads/main/customer-service/src/main/java/servicemesh_istio_demo_2.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836154/; classtype:trojan-activity;sid:84699254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836155)"; flow:established,from_client; content:"GET"; http_method; content:"/teamkura1/teamkura1.github.io/raw/refs/heads/main/barreler/teamkura_io_github_v1.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836155/; classtype:trojan-activity;sid:84699255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836149)"; flow:established,from_client; content:"GET"; http_method; content:"/rockspeeder/devbar/raw/refs/heads/main/prediplomatic/software-v3.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836149/; classtype:trojan-activity;sid:84699249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836147)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/i-greque.github.io/raw/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836147/; classtype:trojan-activity;sid:84699247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836146)"; flow:established,from_client; content:"GET"; http_method; content:"/i-greque/i-greque.github.io/refs/heads/main/preseal/greque_i_io_github_3.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836146/; classtype:trojan-activity;sid:84699246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836140)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/i-am-not-a-robot/raw/refs/heads/main/biblicality/i_am_robot_a_not_v1.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836140/; classtype:trojan-activity;sid:84699240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836136)"; flow:established,from_client; content:"GET"; http_method; content:"/mctvcell/zon-ts/raw/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836136/; classtype:trojan-activity;sid:84699236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836134)"; flow:established,from_client; content:"GET"; http_method; content:"/bielelmagu/roblox-fps-unlocker/raw/refs/heads/main/dihydride/unlocker_roblox_fp_actipylea.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836134/; classtype:trojan-activity;sid:84699234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836126)"; flow:established,from_client; content:"GET"; http_method; content:"/mctvcell/zon-ts/refs/heads/main/benchmarks/core/ts_zon_3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836126/; classtype:trojan-activity;sid:84699226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836127)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/roblox-fps-unlocker/raw/refs/heads/main/devvel/fp_roblox_unlocker_3.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836127/; classtype:trojan-activity;sid:84699227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836128)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/roblox-fps-unlocker/refs/heads/main/devvel/fp_roblox_unlocker_3.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836128/; classtype:trojan-activity;sid:84699228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836129)"; flow:established,from_client; content:"GET"; http_method; content:"/hehehegnnnnnnnnnnnnnnnnnn/i-am-not-a-robot/refs/heads/main/biblicality/i_am_robot_a_not_v1.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836129/; classtype:trojan-activity;sid:84699229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836130)"; flow:established,from_client; content:"GET"; http_method; content:"/bielelmagu/roblox-fps-unlocker/refs/heads/main/dihydride/unlocker_roblox_fp_actipylea.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836130/; classtype:trojan-activity;sid:84699230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836099)"; flow:established,from_client; content:"GET"; http_method; content:"/lineratlift43/hwidclean/releases/download/hwidspoofer/latest.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836099/; classtype:trojan-activity;sid:84699199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836094)"; flow:established,from_client; content:"GET"; http_method; content:"/primmslimx/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836094/; classtype:trojan-activity;sid:84699194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3836095)"; flow:established,from_client; content:"GET"; http_method; content:"/primmslimx/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3836095/; classtype:trojan-activity;sid:84699195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835850)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv4l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835850/; classtype:trojan-activity;sid:84698950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835847)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835847/; classtype:trojan-activity;sid:84698947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835849)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835849/; classtype:trojan-activity;sid:84698949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835845)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835845/; classtype:trojan-activity;sid:84698945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835831)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv7l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835831/; classtype:trojan-activity;sid:84698931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835832)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv6l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835832/; classtype:trojan-activity;sid:84698932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835833)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835833/; classtype:trojan-activity;sid:84698933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835834)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/aarch64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_05_01; reference:url, urlhaus.abuse.ch/url/3835834/; classtype:trojan-activity;sid:84698934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835814)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/armv5l"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835814/; classtype:trojan-activity;sid:84698914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835812)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835812/; classtype:trojan-activity;sid:84698912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835260)"; flow:established,from_client; content:"GET"; http_method; content:"/sunwukongs.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"plasteredplayn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835260/; classtype:trojan-activity;sid:84698360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3835137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.83.86.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_30; reference:url, urlhaus.abuse.ch/url/3835137/; classtype:trojan-activity;sid:84698237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.65.192.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834223/; classtype:trojan-activity;sid:84697323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3834216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.192.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_29; reference:url, urlhaus.abuse.ch/url/3834216/; classtype:trojan-activity;sid:84697316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.236.46.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833868/; classtype:trojan-activity;sid:84696968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833743)"; flow:established,from_client; content:"GET"; http_method; content:"/rum/optimized_msi.png"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"spgint.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833743/; classtype:trojan-activity;sid:84696843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833740)"; flow:established,from_client; content:"GET"; http_method; content:"/uplod/optimized_msi.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"autobaenasl.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833740/; classtype:trojan-activity;sid:84696840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833733)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"postelnini.mk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833733/; classtype:trojan-activity;sid:84696833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3833499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.236.46.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_28; reference:url, urlhaus.abuse.ch/url/3833499/; classtype:trojan-activity;sid:84696599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832920)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.62.41.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832920/; classtype:trojan-activity;sid:84696020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.88.191.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832742/; classtype:trojan-activity;sid:84695842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832733)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/xmrig.tar.gz"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"31.57.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_27; reference:url, urlhaus.abuse.ch/url/3832733/; classtype:trojan-activity;sid:84695833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832661)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_mipsle"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832661/; classtype:trojan-activity;sid:84695761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832662)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832662/; classtype:trojan-activity;sid:84695762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832663)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832663/; classtype:trojan-activity;sid:84695763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832664)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832664/; classtype:trojan-activity;sid:84695764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832658)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_armv6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832658/; classtype:trojan-activity;sid:84695758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832659)"; flow:established,from_client; content:"GET"; http_method; content:"/agent_armv7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832659/; classtype:trojan-activity;sid:84695759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832516)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.x86_64"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832516/; classtype:trojan-activity;sid:84695616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832514)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.arm6"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832514/; classtype:trojan-activity;sid:84695614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832508)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.mpsl"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832508/; classtype:trojan-activity;sid:84695608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832509)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.ppc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832509/; classtype:trojan-activity;sid:84695609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832510)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.arm7"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832510/; classtype:trojan-activity;sid:84695610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832511)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.arm5"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832511/; classtype:trojan-activity;sid:84695611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832503)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.arm"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832503/; classtype:trojan-activity;sid:84695603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832504)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.x86"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832504/; classtype:trojan-activity;sid:84695604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832505)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.sh4"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832505/; classtype:trojan-activity;sid:84695605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832506)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.spc"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832506/; classtype:trojan-activity;sid:84695606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832500)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.i686"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832500/; classtype:trojan-activity;sid:84695600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832501)"; flow:established,from_client; content:"GET"; http_method; content:"/terrabot/023782pler.m68k"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"140.233.190.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832501/; classtype:trojan-activity;sid:84695601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"45.138.16.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832456/; classtype:trojan-activity;sid:84695556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832353)"; flow:established,from_client; content:"GET"; http_method; content:"/nerd1337-afk/1337/raw/refs/heads/main/abe_decrypt.dll"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832353/; classtype:trojan-activity;sid:84695453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.187.101.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832339/; classtype:trojan-activity;sid:84695439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832039)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/cred64.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832039/; classtype:trojan-activity;sid:84695139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3832038)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/cred.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3832038/; classtype:trojan-activity;sid:84695138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831738)"; flow:established,from_client; content:"GET"; http_method; content:"/aiermass/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_26; reference:url, urlhaus.abuse.ch/url/3831738/; classtype:trojan-activity;sid:84694838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831663)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/lterouter"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831663/; classtype:trojan-activity;sid:84694763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831660)"; flow:established,from_client; content:"GET"; http_method; content:"/n2/mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"162.248.101.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831660/; classtype:trojan-activity;sid:84694760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831490)"; flow:established,from_client; content:"GET"; http_method; content:"/labieds/splitwriter/raw/refs/heads/main/public/splitwriter-v2.8.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831490/; classtype:trojan-activity;sid:84694590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831491)"; flow:established,from_client; content:"GET"; http_method; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/web/hooks/cv-screener-3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831491/; classtype:trojan-activity;sid:84694591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831492)"; flow:established,from_client; content:"GET"; http_method; content:"/sahius1/socialvideoutility/main/screenshots/video-social-utility-v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831492/; classtype:trojan-activity;sid:84694592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831479)"; flow:established,from_client; content:"GET"; http_method; content:"/123affano1/claudetrack/raw/refs/heads/main/client/src/pages/software_v1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831479/; classtype:trojan-activity;sid:84694579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831480)"; flow:established,from_client; content:"GET"; http_method; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/images/grammarfixer-2.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831480/; classtype:trojan-activity;sid:84694580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831481)"; flow:established,from_client; content:"GET"; http_method; content:"/chamara1989/prismos-ai/main/docs/screenshots/prismos_ai_2.6.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831481/; classtype:trojan-activity;sid:84694581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831482)"; flow:established,from_client; content:"GET"; http_method; content:"/commutertrafficfarsi309/qclaw-old/raw/refs/heads/main/fasciolidae/qclaw_old_v1.2.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831482/; classtype:trojan-activity;sid:84694582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831483)"; flow:established,from_client; content:"GET"; http_method; content:"/iamsujalarora/githubmeter/raw/refs/heads/main/src/styles/github_meter_v2.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831483/; classtype:trojan-activity;sid:84694583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831484)"; flow:established,from_client; content:"GET"; http_method; content:"/arockiakoilpillai/temp-email-api/raw/refs/heads/master/images/temp-email-api-v1.4.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831484/; classtype:trojan-activity;sid:84694584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831485)"; flow:established,from_client; content:"GET"; http_method; content:"/ggshcgdh/localtranslateapp/raw/refs/heads/main/kittly/translate_app_local_3.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831485/; classtype:trojan-activity;sid:84694585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831486)"; flow:established,from_client; content:"GET"; http_method; content:"/arockiakoilpillai/temp-email-api/raw/refs/heads/master/images/temp-email-api_v3.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831486/; classtype:trojan-activity;sid:84694586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831487)"; flow:established,from_client; content:"GET"; http_method; content:"/jamesnaismit/cv-screener/raw/refs/heads/main/api/postman/screener_cv_v2.8-alpha.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831487/; classtype:trojan-activity;sid:84694587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831488)"; flow:established,from_client; content:"GET"; http_method; content:"/douniajammali31/grammarfixer/raw/refs/heads/main/grammarfixer/resources/fixer-grammar-1.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831488/; classtype:trojan-activity;sid:84694588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831478)"; flow:established,from_client; content:"GET"; http_method; content:"/lapk0m/n01d-overwatch/main/shared/overwatch-n-d-2.9.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831478/; classtype:trojan-activity;sid:84694578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831476)"; flow:established,from_client; content:"GET"; http_method; content:"/nytroze/ant-design-wpf/raw/refs/heads/master/src/antdesign.wpf/wpf-ant-design-v3.7-beta.3.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831476/; classtype:trojan-activity;sid:84694576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831477)"; flow:established,from_client; content:"GET"; http_method; content:"/mikey143-kun/agentchattr/main/session_templates/software-3.8.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831477/; classtype:trojan-activity;sid:84694577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831472)"; flow:established,from_client; content:"GET"; http_method; content:"/ayubalishah/mac-recorder/raw/refs/heads/main/dist/macrecorder-0.2.0.pkg"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831472/; classtype:trojan-activity;sid:84694572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831473)"; flow:established,from_client; content:"GET"; http_method; content:"/mwamwaaaa/opentypeless/main/src/hooks/software-v1.3.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831473/; classtype:trojan-activity;sid:84694573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831474)"; flow:established,from_client; content:"GET"; http_method; content:"/ayubalishah/mac-recorder/main/macrecorder/resources/assets.xcassets/recorder-mac-2.6.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831474/; classtype:trojan-activity;sid:84694574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831475)"; flow:established,from_client; content:"GET"; http_method; content:"/nightmanvr/modernnav/raw/refs/heads/main/src/hooks/modern_nav_1.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831475/; classtype:trojan-activity;sid:84694575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831467)"; flow:established,from_client; content:"GET"; http_method; content:"/nightmanvr/modernnav/raw/refs/heads/main/public/fonts/modern-nav-v3.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831467/; classtype:trojan-activity;sid:84694567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831471)"; flow:established,from_client; content:"GET"; http_method; content:"/labieds/splitwriter/main/src/windows%20-%20old/boards/text-engine/_old/software-v2.8-beta.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831471/; classtype:trojan-activity;sid:84694571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831462)"; flow:established,from_client; content:"GET"; http_method; content:"/twelve-today822/juai/main/assets/ai_ju_riverwards.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831462/; classtype:trojan-activity;sid:84694562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831450)"; flow:established,from_client; content:"GET"; http_method; content:"/yashsoni443/ai-image-generator-web/master/functions/web_generator_image_ai_v2.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831450/; classtype:trojan-activity;sid:84694550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831451)"; flow:established,from_client; content:"GET"; http_method; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/trading-3.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831451/; classtype:trojan-activity;sid:84694551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831446)"; flow:established,from_client; content:"GET"; http_method; content:"/unaccustomed-godspeed86/appbun/main/src/lib/software-2.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831446/; classtype:trojan-activity;sid:84694546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831447)"; flow:established,from_client; content:"GET"; http_method; content:"/yashsoni443/ai-image-generator-web/raw/refs/heads/master/functions/ai-image-generator-web_v3.0.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831447/; classtype:trojan-activity;sid:84694547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831448)"; flow:established,from_client; content:"GET"; http_method; content:"/lacquerwarepernyimoth791/crosshair-x-custom-crosshair-overlay-for-every-game/raw/refs/heads/main/1.24.2/for_game_custom_overlay_every_crosshair_3.2-alpha.2.zip"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831448/; classtype:trojan-activity;sid:84694548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831449)"; flow:established,from_client; content:"GET"; http_method; content:"/yuhejdjdi2828264/ediktefinder-analyzer/raw/refs/heads/main/feminality/analyzer-edikte-finder-3.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831449/; classtype:trojan-activity;sid:84694549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831441)"; flow:established,from_client; content:"GET"; http_method; content:"/almondleaveswillowlorenzodressing280/opguia/main/opguia/pages/connection/software-v1.2-alpha.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831441/; classtype:trojan-activity;sid:84694541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831442)"; flow:established,from_client; content:"GET"; http_method; content:"/yousefmohamed54701/pygenpass/main/intertangle/gen-py-pass-v3.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831442/; classtype:trojan-activity;sid:84694542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831443)"; flow:established,from_client; content:"GET"; http_method; content:"/mrfrank-07/ipa-edit/raw/refs/heads/main/modules/edit_i_p_v1.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831443/; classtype:trojan-activity;sid:84694543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831445)"; flow:established,from_client; content:"GET"; http_method; content:"/bragii044/securekey-vault/main/context/secure_vault_key_v2.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831445/; classtype:trojan-activity;sid:84694545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831436)"; flow:established,from_client; content:"GET"; http_method; content:"/ajobka/teams-alive/raw/refs/heads/main/childe/teams-alive-1.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831436/; classtype:trojan-activity;sid:84694536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831438)"; flow:established,from_client; content:"GET"; http_method; content:"/holasisisi23/telegram-media-downloader/raw/refs/heads/main/unnoticed/media-telegram-downloader-unhatched.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831438/; classtype:trojan-activity;sid:84694538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831439)"; flow:established,from_client; content:"GET"; http_method; content:"/astriefaw/animo-app/raw/refs/heads/master/gradle/wrapper/animo-app_v2.0.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831439/; classtype:trojan-activity;sid:84694539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831440)"; flow:established,from_client; content:"GET"; http_method; content:"/flystudiostech/haydee-ai-outfit-generator-gui/main/tests/ai_outfit_generator_haydee_gui_1.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831440/; classtype:trojan-activity;sid:84694540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831432)"; flow:established,from_client; content:"GET"; http_method; content:"/pitthawat7/openclaw-win/raw/refs/heads/main/src/win_openclaw_2.7-alpha.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831432/; classtype:trojan-activity;sid:84694532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831433)"; flow:established,from_client; content:"GET"; http_method; content:"/funeralvalue508/crossdevicetracker.desktop/main/unheretical/cross_tracker_desktop_device_v1.8.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831433/; classtype:trojan-activity;sid:84694533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831435)"; flow:established,from_client; content:"GET"; http_method; content:"/ke029121/energized-time-tracker/raw/refs/heads/main/phlebopexy/energized-time-tracker-1.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831435/; classtype:trojan-activity;sid:84694535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831429)"; flow:established,from_client; content:"GET"; http_method; content:"/sparoecanthusfultoni104/exphora_db/raw/refs/heads/main/ui/src/components/settings/exphora-db-v3.4-beta.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831429/; classtype:trojan-activity;sid:84694529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831430)"; flow:established,from_client; content:"GET"; http_method; content:"/anandhupeepi/kafkalet/raw/refs/heads/main/frontend/node_modules/tailwindcss/lib/cli/software-cowardy.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831430/; classtype:trojan-activity;sid:84694530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831425)"; flow:established,from_client; content:"GET"; http_method; content:"/hundred-praisworthiness384/domainos/main/scripts/os-domain-1.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831425/; classtype:trojan-activity;sid:84694525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831427)"; flow:established,from_client; content:"GET"; http_method; content:"/acting-correlationalanalysis567/twin-bridge-v1/main/frontend/src/bridge_twin_1.1.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831427/; classtype:trojan-activity;sid:84694527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831417)"; flow:established,from_client; content:"GET"; http_method; content:"/kathan2504/auto-voice-over-tool/raw/refs/heads/main/src/windows/main/auto_tool_over_voice_fining.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831417/; classtype:trojan-activity;sid:84694517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831406)"; flow:established,from_client; content:"GET"; http_method; content:"/loeyyyyy/ai-voice-changer-real-time-2026/raw/refs/heads/main/cpp/de/jurihock/voicesmith/plug/time-changer-real-a-voice-3.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831406/; classtype:trojan-activity;sid:84694506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831407)"; flow:established,from_client; content:"GET"; http_method; content:"/astriefaw/animo-app/raw/refs/heads/master/gradle/animo_app_v1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831407/; classtype:trojan-activity;sid:84694507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831409)"; flow:established,from_client; content:"GET"; http_method; content:"/poetic-macroglia442/openclaw-desktop-launcher/raw/refs/heads/main/startopenclawlauncher/services/launcher_desktop_openclaw_v3.8-beta.2.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831409/; classtype:trojan-activity;sid:84694509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831410)"; flow:established,from_client; content:"GET"; http_method; content:"/memet-jo/trading/raw/refs/heads/main/sylphlike/software_1.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831410/; classtype:trojan-activity;sid:84694510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831411)"; flow:established,from_client; content:"GET"; http_method; content:"/sb090/tauri-plugin-macos-fps/main/examples/fps-diag/src-tauri/capabilities/plugin_macos_fps_tauri_2.4.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831411/; classtype:trojan-activity;sid:84694511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831403)"; flow:established,from_client; content:"GET"; http_method; content:"/koteshwr-ra/linux-mac/main/image/common/overlay/etc/linux_mac_hacker.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831403/; classtype:trojan-activity;sid:84694503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831404)"; flow:established,from_client; content:"GET"; http_method; content:"/abdulmejid/desktopledsync/main/providers/desktop_led_sync_v3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831404/; classtype:trojan-activity;sid:84694504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831405)"; flow:established,from_client; content:"GET"; http_method; content:"/eliasxii/nullbyte/raw/refs/heads/main/docs/assets/byte_null_v3.0-beta.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831405/; classtype:trojan-activity;sid:84694505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831369)"; flow:established,from_client; content:"GET"; http_method; content:"/scriptez1/redxfreesteaminstaller/releases/download/v2.4.4/redx_setup.exe"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831369/; classtype:trojan-activity;sid:84694469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831364)"; flow:established,from_client; content:"GET"; http_method; content:"/duroypogi/gann-master-3d/raw/refs/heads/main/perichondritis/gann-d-master-v3.0-beta.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831364/; classtype:trojan-activity;sid:84694464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831366)"; flow:established,from_client; content:"GET"; http_method; content:"/ojb2017/vectorfusion/raw/refs/heads/main/assets/vectorfusion_aplanospore.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831366/; classtype:trojan-activity;sid:84694466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831367)"; flow:established,from_client; content:"GET"; http_method; content:"/anantbhardwaj828/cursor-free-vip/raw/refs/heads/main/electron/vip-free-cursor-v2.3.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831367/; classtype:trojan-activity;sid:84694467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831368)"; flow:established,from_client; content:"GET"; http_method; content:"/anantbhardwaj828/cursor-free-vip/main/assets/cursor_free_vip_1.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831368/; classtype:trojan-activity;sid:84694468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831362)"; flow:established,from_client; content:"GET"; http_method; content:"/duroypogi/gann-master-3d/raw/refs/heads/main/perichondritis/master_d_gann_2.9.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831362/; classtype:trojan-activity;sid:84694462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831359)"; flow:established,from_client; content:"GET"; http_method; content:"/ojb2017/vectorfusion/main/src/vector_fusion_v1.7.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831359/; classtype:trojan-activity;sid:84694459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3831217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.187.101.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3831217/; classtype:trojan-activity;sid:84694317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830970)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830970/; classtype:trojan-activity;sid:84694070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830938)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/youtube-hide-low-views-videos/raw/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830938/; classtype:trojan-activity;sid:84694038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830936)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/n8n-mt5-fetch/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830936/; classtype:trojan-activity;sid:84694036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830937)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/n8n-mt5-fetch/raw/refs/heads/main/telluriferous/fetch_n_mt_v3.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830937/; classtype:trojan-activity;sid:84694037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830935)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/rupa9495.github.io/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830935/; classtype:trojan-activity;sid:84694035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830934)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/rupa9495.github.io/raw/refs/heads/main/pterotheca/io-rupa-github-1.6.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830934/; classtype:trojan-activity;sid:84694034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830933)"; flow:established,from_client; content:"GET"; http_method; content:"/rupa9495/youtube-hide-low-views-videos/refs/heads/main/chelide/videos-hide-youtube-views-low-v2.6.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_25; reference:url, urlhaus.abuse.ch/url/3830933/; classtype:trojan-activity;sid:84694033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830856)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/bright-future-academy/raw/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830856/; classtype:trojan-activity;sid:84693956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830857)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/swiftuihelpers/raw/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830857/; classtype:trojan-activity;sid:84693957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830858)"; flow:established,from_client; content:"GET"; http_method; content:"/alyasdz/stm32-oled-i2c-hal-coding-method/raw/refs/heads/main/drivers/cmsis/device/st/st_ha_coding_method_ole_v3.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830858/; classtype:trojan-activity;sid:84693958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830859)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/compose-password/raw/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830859/; classtype:trojan-activity;sid:84693959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830860)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/particalfun/refs/heads/main/build/software-v3.8-beta.1.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830860/; classtype:trojan-activity;sid:84693960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830861)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/kevlar782.github.io/raw/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830861/; classtype:trojan-activity;sid:84693961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830862)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/claude-code-showcase/raw/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830862/; classtype:trojan-activity;sid:84693962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830863)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/raw/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830863/; classtype:trojan-activity;sid:84693963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830865)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/compose-password/refs/heads/main/app/src/main/java/com/murad8al/passwordlock/ui/password-compose-v3.8.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830865/; classtype:trojan-activity;sid:84693965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830866)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/portfolio/raw/refs/heads/main/assets/projects/software_v3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830866/; classtype:trojan-activity;sid:84693966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830868)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/facebook-marketing-automation/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830868/; classtype:trojan-activity;sid:84693968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830870)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/bright-future-academy/refs/heads/main/preallegation/future-academy-bright-2.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830870/; classtype:trojan-activity;sid:84693970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830871)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/portfolio/refs/heads/main/assets/projects/software_v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830871/; classtype:trojan-activity;sid:84693971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830874)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/swiftuihelpers/refs/heads/main/resources/helpers-swift-ui-v2.8-beta.2.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830874/; classtype:trojan-activity;sid:84693974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830876)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/facebook-marketing-automation/raw/refs/heads/main/baseheartedness/facebook_automation_marketing_1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830876/; classtype:trojan-activity;sid:84693976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830851)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/particalfun/raw/refs/heads/main/build/software-v3.8-beta.1.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830851/; classtype:trojan-activity;sid:84693951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830852)"; flow:established,from_client; content:"GET"; http_method; content:"/alyasdz/alyasdz.github.io/refs/heads/main/primulic/io_alyasdz_github_v1.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830852/; classtype:trojan-activity;sid:84693952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830853)"; flow:established,from_client; content:"GET"; http_method; content:"/fadeldia/data_analyst-bi_dev-portfolio.github.io/refs/heads/main/assets/io_b_github_portfoli_analys_dat_de_v2.8.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830853/; classtype:trojan-activity;sid:84693953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830854)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/ipoprock.github.io/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830854/; classtype:trojan-activity;sid:84693954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830855)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/builds/raw/refs/heads/main/build/software-1.4.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830855/; classtype:trojan-activity;sid:84693955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830849)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/android-development/refs/heads/main/examples/android-development-v3.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830849/; classtype:trojan-activity;sid:84693949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830850)"; flow:established,from_client; content:"GET"; http_method; content:"/alyasdz/stm32-oled-i2c-hal-coding-method/refs/heads/main/drivers/cmsis/device/st/st_ha_coding_method_ole_v3.3.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830850/; classtype:trojan-activity;sid:84693950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830846)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/builds/refs/heads/main/build/software-1.4.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830846/; classtype:trojan-activity;sid:84693946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830845)"; flow:established,from_client; content:"GET"; http_method; content:"/alyasdz/alyasdz.github.io/raw/refs/heads/main/primulic/io_alyasdz_github_v1.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830845/; classtype:trojan-activity;sid:84693945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830842)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/claude-code-showcase/refs/heads/main/.claude/skills/core-components/showcase-claude-code-3.2-beta.5.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830842/; classtype:trojan-activity;sid:84693942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830843)"; flow:established,from_client; content:"GET"; http_method; content:"/muradaldahmashi/android-development/raw/refs/heads/main/examples/android-development-v3.7.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830843/; classtype:trojan-activity;sid:84693943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830844)"; flow:established,from_client; content:"GET"; http_method; content:"/ipoprock/ipoprock.github.io/raw/refs/heads/main/decanically/io_github_ipoprock_2.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830844/; classtype:trojan-activity;sid:84693944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830816)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/space-project/raw/refs/heads/master/home/project-space-3.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830816/; classtype:trojan-activity;sid:84693916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830817)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/hankamarvanova.github.io/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830817/; classtype:trojan-activity;sid:84693917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830818)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/qwen3-vl-embedding/raw/refs/heads/main/scripts/evaluation/mmeb_v2/qwen-v-embedding-v3.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830818/; classtype:trojan-activity;sid:84693918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830819)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/unified-db/raw/refs/heads/main/sources/db_unified_3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830819/; classtype:trojan-activity;sid:84693919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830820)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/simple-calculator/raw/refs/heads/master/node_modules/get-intrinsic/.github/calculator_simple_v1.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830820/; classtype:trojan-activity;sid:84693920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830822)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/laravael-ui-dashboard/raw/refs/heads/main/resources/views/pages/laravel/ui-laravael-dashboard-vitamer.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830822/; classtype:trojan-activity;sid:84693922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830824)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/laravael-ui-dashboard/refs/heads/main/resources/views/pages/laravel/ui-laravael-dashboard-vitamer.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830824/; classtype:trojan-activity;sid:84693924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830825)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/simple-calculator/refs/heads/master/node_modules/get-intrinsic/.github/calculator_simple_v1.3.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830825/; classtype:trojan-activity;sid:84693925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830826)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/genshin-ts/raw/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830826/; classtype:trojan-activity;sid:84693926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830827)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/game/raw/refs/heads/main/reputed/software-v1.8-alpha.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830827/; classtype:trojan-activity;sid:84693927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830828)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/nextjs-tailwind-postgresql-project-template/raw/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830828/; classtype:trojan-activity;sid:84693928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830829)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/espressivep.github.io/raw/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830829/; classtype:trojan-activity;sid:84693929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830831)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/unified-db/refs/heads/main/sources/db_unified_3.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830831/; classtype:trojan-activity;sid:84693931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830833)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/qwen3-vl-embedding/refs/heads/main/scripts/evaluation/mmeb_v2/qwen-v-embedding-v3.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830833/; classtype:trojan-activity;sid:84693933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830834)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/nextjs-tailwind-postgresql-project-template/refs/heads/main/app/project-nextjs-template-tailwind-postgre-sq-v1.9.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830834/; classtype:trojan-activity;sid:84693934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830835)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/game/refs/heads/main/reputed/software-v1.8-alpha.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830835/; classtype:trojan-activity;sid:84693935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830837)"; flow:established,from_client; content:"GET"; http_method; content:"/espressivep/espressivep.github.io/refs/heads/main/infelicitousness/io-espressivep-github-2.5.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830837/; classtype:trojan-activity;sid:84693937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830838)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/kevlar782.github.io/refs/heads/main/elocutionary/io-github-kevlar-eremology.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830838/; classtype:trojan-activity;sid:84693938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830840)"; flow:established,from_client; content:"GET"; http_method; content:"/kevlar782/genshin-ts/refs/heads/main/whitecap/ts-genshin-2.2-alpha.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830840/; classtype:trojan-activity;sid:84693940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830810)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/maplecoder18.github.io/refs/heads/main/flaky/maplecoder_io_github_v2.5.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830810/; classtype:trojan-activity;sid:84693910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830812)"; flow:established,from_client; content:"GET"; http_method; content:"/maplecoder18/maplecoder18.github.io/raw/refs/heads/main/flaky/maplecoder_io_github_v2.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830812/; classtype:trojan-activity;sid:84693912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830813)"; flow:established,from_client; content:"GET"; http_method; content:"/timiallen/space-project/refs/heads/master/home/project-space-3.2.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830813/; classtype:trojan-activity;sid:84693913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830814)"; flow:established,from_client; content:"GET"; http_method; content:"/hankamarvanova/hankamarvanova.github.io/raw/refs/heads/main/steamproof/io_hankamarvanova_github_v2.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830814/; classtype:trojan-activity;sid:84693914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830784)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/bot-n-animado-con-html-y-css/raw/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830784/; classtype:trojan-activity;sid:84693884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830780)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/w_merchs/raw/refs/heads/main/src/layouts/merchs_3.4.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830780/; classtype:trojan-activity;sid:84693880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830777)"; flow:established,from_client; content:"GET"; http_method; content:"/ziebwon/cnmsb/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830777/; classtype:trojan-activity;sid:84693877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830778)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830778/; classtype:trojan-activity;sid:84693878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830779)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/jhoi2000.github.io/raw/refs/heads/main/sociometry/github-jhoi-io-v2.3-beta.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830779/; classtype:trojan-activity;sid:84693879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830763)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/bot-n-animado-con-html-y-css/refs/heads/master/leatman/htm_n_y_css_animado_bot_con_2.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830763/; classtype:trojan-activity;sid:84693863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830765)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/zen-c/raw/refs/heads/master/images/zen_c_hydramnion.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830765/; classtype:trojan-activity;sid:84693865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830767)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/techgyan123.github.io/raw/refs/heads/main/stinkball/techgyan_github_io_thunderously.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830767/; classtype:trojan-activity;sid:84693867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830768)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/propesy_demon/raw/refs/heads/main/public/propesy-demon-2.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830768/; classtype:trojan-activity;sid:84693868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830769)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/full-stack-fastapi-mongodb/raw/refs/heads/main/%7d/scripts/mongodb_fastapi_full_stack_v3.5-beta.3.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830769/; classtype:trojan-activity;sid:84693869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830770)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/gestion_voluntario/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830770/; classtype:trojan-activity;sid:84693870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830771)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/gestion_voluntario/raw/refs/heads/main/organizacion/voluntario_gestion_3.7.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830771/; classtype:trojan-activity;sid:84693871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830772)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/community-design-resources/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830772/; classtype:trojan-activity;sid:84693872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830773)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/community-design-resources/raw/refs/heads/main/brand-assets/rolldown/community-resources-design-v1.3.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830773/; classtype:trojan-activity;sid:84693873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830774)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/w_merchs/refs/heads/main/src/layouts/merchs_3.4.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830774/; classtype:trojan-activity;sid:84693874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830775)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/techgyan123.github.io/refs/heads/main/stinkball/techgyan_github_io_thunderously.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830775/; classtype:trojan-activity;sid:84693875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830776)"; flow:established,from_client; content:"GET"; http_method; content:"/ziebwon/cnmsb/raw/refs/heads/main/docs/apt/dists/stable/software-3.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830776/; classtype:trojan-activity;sid:84693876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830749)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/propesy_demon/refs/heads/main/public/propesy-demon-2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830749/; classtype:trojan-activity;sid:84693849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830750)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/zen-c/refs/heads/master/images/zen_c_hydramnion.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830750/; classtype:trojan-activity;sid:84693850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830751)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/jeffplatinum1013.github.io/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830751/; classtype:trojan-activity;sid:84693851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830752)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/evotokendlm/refs/heads/master/assets/dlm_evo_token_1.0.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830752/; classtype:trojan-activity;sid:84693852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830753)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/astro-pu/raw/refs/heads/main/src/content/blog/pu_astro_v1.1.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830753/; classtype:trojan-activity;sid:84693853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830754)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/soufiane20032003.github.io/raw/refs/heads/main/coupling/soufiane-io-github-v1.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830754/; classtype:trojan-activity;sid:84693854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830755)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/faisaloday.github.io/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830755/; classtype:trojan-activity;sid:84693855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830756)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/theenemylost.github.io/raw/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830756/; classtype:trojan-activity;sid:84693856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830757)"; flow:established,from_client; content:"GET"; http_method; content:"/jhoi2000/jhoi2000.github.io/refs/heads/main/sociometry/github-jhoi-io-v2.3-beta.5.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830757/; classtype:trojan-activity;sid:84693857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830759)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/transformer-hierarchical-layers/raw/refs/heads/main/tests/utils/layers-hierarchical-transformer-3.5.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830759/; classtype:trojan-activity;sid:84693859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830760)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/appium-flutter-java-automation/raw/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830760/; classtype:trojan-activity;sid:84693860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830761)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/faisaloday.github.io/raw/refs/heads/main/vesiculigerous/github_faisaloday_io_2.8.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830761/; classtype:trojan-activity;sid:84693861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830740)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/soufiane20032003.github.io/refs/heads/main/coupling/soufiane-io-github-v1.2.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830740/; classtype:trojan-activity;sid:84693840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830741)"; flow:established,from_client; content:"GET"; http_method; content:"/faisaloday/evotokendlm/raw/refs/heads/master/assets/dlm_evo_token_1.0.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830741/; classtype:trojan-activity;sid:84693841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830742)"; flow:established,from_client; content:"GET"; http_method; content:"/soufiane20032003/astro-pu/refs/heads/main/src/content/blog/pu_astro_v1.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830742/; classtype:trojan-activity;sid:84693842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830743)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/websyze.github.io/raw/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830743/; classtype:trojan-activity;sid:84693843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830744)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/websyze.github.io/refs/heads/main/invisible/io-github-websyze-overcustom.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830744/; classtype:trojan-activity;sid:84693844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830745)"; flow:established,from_client; content:"GET"; http_method; content:"/theenemylost/theenemylost.github.io/refs/heads/main/predaylight/theenemylost_io_github_v1.4.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830745/; classtype:trojan-activity;sid:84693845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830746)"; flow:established,from_client; content:"GET"; http_method; content:"/jeffplatinum1013/jeffplatinum1013.github.io/raw/refs/heads/main/crook/io_jeffplatinum_github_1.6-alpha.4.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830746/; classtype:trojan-activity;sid:84693846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830747)"; flow:established,from_client; content:"GET"; http_method; content:"/websyze/appium-flutter-java-automation/refs/heads/main/src/main/java/appium_java_automation_flutter_1.2-alpha.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830747/; classtype:trojan-activity;sid:84693847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830748)"; flow:established,from_client; content:"GET"; http_method; content:"/techgyan123/transformer-hierarchical-layers/refs/heads/main/tests/utils/layers-hierarchical-transformer-3.5.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830748/; classtype:trojan-activity;sid:84693848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830734)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/awesome-flipperzero/raw/refs/heads/main/squirrelfish/flipperzero_awesome_2.6.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830734/; classtype:trojan-activity;sid:84693834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830725)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/novabar/refs/heads/main/src/about/bar-nova-spiritfully.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830725/; classtype:trojan-activity;sid:84693825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830726)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/detsad312.github.io/refs/heads/main/untwinned/io-github-detsad-2.0.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830726/; classtype:trojan-activity;sid:84693826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830728)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/profile-metadata/refs/heads/main/spiranthy/metadata-profile-v1.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830728/; classtype:trojan-activity;sid:84693828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830729)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/darkexception22.github.io/raw/refs/heads/main/unreachably/darkexception_github_io_v2.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830729/; classtype:trojan-activity;sid:84693829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830730)"; flow:established,from_client; content:"GET"; http_method; content:"/novabiriseg/gpio-led-cycle/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830730/; classtype:trojan-activity;sid:84693830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830732)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/darkexception22.github.io/refs/heads/main/unreachably/darkexception_github_io_v2.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830732/; classtype:trojan-activity;sid:84693832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830733)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/novabar/refs/heads/main/data/nova-bar-2.9.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830733/; classtype:trojan-activity;sid:84693833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830716)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/dim747.github.io/raw/refs/heads/main/downfold/dim-github-io-myogenetic.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830716/; classtype:trojan-activity;sid:84693816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830717)"; flow:established,from_client; content:"GET"; http_method; content:"/afa567/afa567.github.io/raw/refs/heads/main/foreadvice/afa_github_io_2.7.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830717/; classtype:trojan-activity;sid:84693817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830718)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/dim747.github.io/refs/heads/main/downfold/dim-github-io-myogenetic.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830718/; classtype:trojan-activity;sid:84693818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830719)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/profile-metadata/raw/refs/heads/main/spiranthy/metadata-profile-v1.5.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830719/; classtype:trojan-activity;sid:84693819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830720)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/mo911-w16.github.io/raw/refs/heads/main/towards/github-w-mo-io-badenite.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830720/; classtype:trojan-activity;sid:84693820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830721)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/mo911-w16.github.io/refs/heads/main/towards/github-w-mo-io-badenite.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830721/; classtype:trojan-activity;sid:84693821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830722)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/openbento/refs/heads/main/components/software_v3.2-beta.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830722/; classtype:trojan-activity;sid:84693822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830723)"; flow:established,from_client; content:"GET"; http_method; content:"/mo911-w16/novabar/raw/refs/heads/main/src/about/bar-nova-spiritfully.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830723/; classtype:trojan-activity;sid:84693823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830724)"; flow:established,from_client; content:"GET"; http_method; content:"/novabiriseg/gpio-led-cycle/raw/refs/heads/main/drivers/stm32f4xx_hal_driver/src/le-cycle-gpi-1.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830724/; classtype:trojan-activity;sid:84693824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830712)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/da-hood-lock-script-showcase/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830712/; classtype:trojan-activity;sid:84693812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830713)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/raw/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830713/; classtype:trojan-activity;sid:84693813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830714)"; flow:established,from_client; content:"GET"; http_method; content:"/afa567/afa567.github.io/refs/heads/main/foreadvice/afa_github_io_2.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830714/; classtype:trojan-activity;sid:84693814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830715)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/detsad312.github.io/raw/refs/heads/main/untwinned/io-github-detsad-2.0.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830715/; classtype:trojan-activity;sid:84693815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830710)"; flow:established,from_client; content:"GET"; http_method; content:"/afa567/universal-ideation-v3/raw/refs/heads/main/driftpiece/ideation-universal-v-v1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830710/; classtype:trojan-activity;sid:84693810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830711)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/ydanok01.github.io/raw/refs/heads/main/eagless/github_ydanok_io_v3.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830711/; classtype:trojan-activity;sid:84693811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830703)"; flow:established,from_client; content:"GET"; http_method; content:"/afa567/universal-ideation-v3/refs/heads/main/driftpiece/ideation-universal-v-v1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830703/; classtype:trojan-activity;sid:84693803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830705)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/novabar/raw/refs/heads/main/data/nova-bar-2.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830705/; classtype:trojan-activity;sid:84693805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830706)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/aayush/refs/heads/master/dietic/software-commenceable.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830706/; classtype:trojan-activity;sid:84693806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830707)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/aayush/raw/refs/heads/master/dietic/software-commenceable.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830707/; classtype:trojan-activity;sid:84693807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830708)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/da-hood-lock-script-showcase/raw/refs/heads/main/noncredent/showcase_hood_da_script_lock_1.9.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830708/; classtype:trojan-activity;sid:84693808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830709)"; flow:established,from_client; content:"GET"; http_method; content:"/detsad312/openbento/raw/refs/heads/main/components/software_v3.2-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830709/; classtype:trojan-activity;sid:84693809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830697)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/flipper/raw/refs/heads/main/sub-ghz/remote_outlet_switches/voltman_dio041050/software_v3.6.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830697/; classtype:trojan-activity;sid:84693797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830698)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/flipper/refs/heads/main/sub-ghz/remote_outlet_switches/voltman_dio041050/software_v3.6.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830698/; classtype:trojan-activity;sid:84693798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830700)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/awesome-flipperzero/refs/heads/main/squirrelfish/flipperzero_awesome_2.6.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830700/; classtype:trojan-activity;sid:84693800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830702)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/nav2_hybrid_a_star/raw/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830702/; classtype:trojan-activity;sid:84693802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830692)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/zaluea/raw/refs/heads/main/site/games/flappybird/files/assets/3371288/1/software_v1.9.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830692/; classtype:trojan-activity;sid:84693792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830693)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/alphabet/raw/refs/heads/main/src/cmps/software_unattuned.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830693/; classtype:trojan-activity;sid:84693793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830694)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/nav2_hybrid_a_star/refs/heads/main/src/data/nav_hybrid_star_v2.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830694/; classtype:trojan-activity;sid:84693794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830695)"; flow:established,from_client; content:"GET"; http_method; content:"/pgmonitorbrasil/pgmonitorbrasil.github.io/refs/heads/main/schematonics/io_pgmonitorbrasil_github_v3.9.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830695/; classtype:trojan-activity;sid:84693795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830696)"; flow:established,from_client; content:"GET"; http_method; content:"/ydanok01/ydanok01.github.io/refs/heads/main/eagless/github_ydanok_io_v3.2.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830696/; classtype:trojan-activity;sid:84693796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830689)"; flow:established,from_client; content:"GET"; http_method; content:"/dim747/zaluea/refs/heads/main/site/games/flappybird/files/assets/3371288/1/software_v1.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830689/; classtype:trojan-activity;sid:84693789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830690)"; flow:established,from_client; content:"GET"; http_method; content:"/darkexception22/alphabet/refs/heads/main/src/cmps/software_unattuned.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830690/; classtype:trojan-activity;sid:84693790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830682)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/qt-liquid-glass/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830682/; classtype:trojan-activity;sid:84693782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.79.147.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830683/; classtype:trojan-activity;sid:84693783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830681)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/corellm/refs/heads/main/corellm/software_calaba.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830681/; classtype:trojan-activity;sid:84693781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830679)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/pyflightprofiler/raw/refs/heads/main/flight_profiler/plugins/tt/profiler_py_flight_3.7-beta.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830679/; classtype:trojan-activity;sid:84693779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830680)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/obscure-affairs-unlocked-edition/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830680/; classtype:trojan-activity;sid:84693780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830678)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/.ai-dev/refs/heads/main/features/dev_ai_v3.4.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830678/; classtype:trojan-activity;sid:84693778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830665)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/neon-abyss-2-mod-toolkit/raw/refs/heads/branch/hypsophyllary/neon-toolkit-abyss-mod-v3.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830665/; classtype:trojan-activity;sid:84693765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830666)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/wpu-resolusi/raw/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830666/; classtype:trojan-activity;sid:84693766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830667)"; flow:established,from_client; content:"GET"; http_method; content:"/lkjhygtgvbhnjk/jquery-image-slider/raw/refs/heads/main/js/jquery-slider-image-2.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830667/; classtype:trojan-activity;sid:84693767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830668)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/grifindo_toy_new_system/raw/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830668/; classtype:trojan-activity;sid:84693768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830669)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/jquery-status-message/raw/refs/heads/main/css/status_message_jquery_2.2.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830669/; classtype:trojan-activity;sid:84693769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830670)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830670/; classtype:trojan-activity;sid:84693770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830671)"; flow:established,from_client; content:"GET"; http_method; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/raw/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830671/; classtype:trojan-activity;sid:84693771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830672)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/obscure-affairs-unlocked-edition/raw/refs/heads/branch/taurobolium/unlocked-obscure-affairs-edition-3.0.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830672/; classtype:trojan-activity;sid:84693772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830673)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/wpu-resolusi/refs/heads/master/distractedness/wpu-resolusi-reapparition.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830673/; classtype:trojan-activity;sid:84693773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830674)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/dunia-gelap-butuh-resolusi-2023/raw/refs/heads/main/nontidal/butuh-gelap-resolusi-dunia-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830674/; classtype:trojan-activity;sid:84693774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830675)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/corellm/raw/refs/heads/main/corellm/software_calaba.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830675/; classtype:trojan-activity;sid:84693775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830676)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/awesome-dotnet/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830676/; classtype:trojan-activity;sid:84693776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830677)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/.ai-dev/raw/refs/heads/main/features/dev_ai_v3.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830677/; classtype:trojan-activity;sid:84693777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830644)"; flow:established,from_client; content:"GET"; http_method; content:"/celestiapolyunsaturated14/helios-engine/raw/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830644/; classtype:trojan-activity;sid:84693744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830645)"; flow:established,from_client; content:"GET"; http_method; content:"/lumansitrevormwesigwa/parallaxparticles/raw/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830645/; classtype:trojan-activity;sid:84693745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830646)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/photography_website/raw/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830646/; classtype:trojan-activity;sid:84693746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830647)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/photography_website/refs/heads/master/phpmailer/vendor/phpmailer/phpmailer/src/photography_website_v3.5.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830647/; classtype:trojan-activity;sid:84693747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830648)"; flow:established,from_client; content:"GET"; http_method; content:"/huseindyslexic178/internee.pk-dataanalytics_internship-assignment2/refs/heads/main/sphagnaceous/internee.pk-dataanalytics_internship-assignment2-v3.3.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830648/; classtype:trojan-activity;sid:84693748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830649)"; flow:established,from_client; content:"GET"; http_method; content:"/floyddemocratic337/fijahu-6/refs/heads/main/sibby/fijahu_v1.2.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830649/; classtype:trojan-activity;sid:84693749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830650)"; flow:established,from_client; content:"GET"; http_method; content:"/murad63/starwhore/refs/heads/main/polyphaser/star_whore_v2.0.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830650/; classtype:trojan-activity;sid:84693750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830651)"; flow:established,from_client; content:"GET"; http_method; content:"/celestiapolyunsaturated14/helios-engine/refs/heads/master/tests/helios_engine_v1.3-beta.1.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830651/; classtype:trojan-activity;sid:84693751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830652)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/precision-aim-8ball-pool/raw/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830652/; classtype:trojan-activity;sid:84693752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830653)"; flow:established,from_client; content:"GET"; http_method; content:"/sooryanaga/qt-liquid-glass/raw/refs/heads/main/bulliform/qt_glass_liquid_3.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830653/; classtype:trojan-activity;sid:84693753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830654)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/adriannablo.github.io/raw/refs/heads/main/unpremeditatedly/github-nablo-io-adrian-3.7.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830654/; classtype:trojan-activity;sid:84693754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830655)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/grifindo_toy_new_system/refs/heads/main/buba/ew_system_n_grifindo_toy_1.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830655/; classtype:trojan-activity;sid:84693755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830656)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/java-fundamentals-fullname-/raw/refs/heads/main/postphlogistic/fullname_fundamentals_java_v3.6-alpha.1.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830656/; classtype:trojan-activity;sid:84693756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830657)"; flow:established,from_client; content:"GET"; http_method; content:"/lkjhygtgvbhnjk/jquery-image-slider/refs/heads/main/js/jquery-slider-image-2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830657/; classtype:trojan-activity;sid:84693757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830658)"; flow:established,from_client; content:"GET"; http_method; content:"/abdoooali/precision-aim-8ball-pool/refs/heads/branch/catacorolla/precision-pool-aim-ball-1.3-beta.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830658/; classtype:trojan-activity;sid:84693758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830659)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/neon-abyss-2-mod-toolkit/refs/heads/branch/hypsophyllary/neon-toolkit-abyss-mod-v3.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830659/; classtype:trojan-activity;sid:84693759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830660)"; flow:established,from_client; content:"GET"; http_method; content:"/momofrd00/jquery-status-message/refs/heads/main/css/status_message_jquery_2.2.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830660/; classtype:trojan-activity;sid:84693760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830661)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/java-fundamentals-fullname-/refs/heads/main/postphlogistic/fullname_fundamentals_java_v3.6-alpha.1.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830661/; classtype:trojan-activity;sid:84693761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830662)"; flow:established,from_client; content:"GET"; http_method; content:"/murad63/starwhore/raw/refs/heads/main/polyphaser/star_whore_v2.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830662/; classtype:trojan-activity;sid:84693762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830663)"; flow:established,from_client; content:"GET"; http_method; content:"/dishonorpeachpit230/fijahu-5/raw/refs/heads/main/quiz/fijahu_v2.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830663/; classtype:trojan-activity;sid:84693763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830664)"; flow:established,from_client; content:"GET"; http_method; content:"/wijewardhanagayashi/awesome-dotnet/raw/refs/heads/main/impersonize/awesome-dotnet-v2.9.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830664/; classtype:trojan-activity;sid:84693764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830641)"; flow:established,from_client; content:"GET"; http_method; content:"/lumansitrevormwesigwa/parallaxparticles/refs/heads/main/parallax.xcodeproj/xcuserdata/pa.alekseev.xcuserdatad/xcschemes/parallax_particles_2.7.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830641/; classtype:trojan-activity;sid:84693741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830642)"; flow:established,from_client; content:"GET"; http_method; content:"/szhuaa/pyflightprofiler/refs/heads/main/flight_profiler/plugins/tt/profiler_py_flight_3.7-beta.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830642/; classtype:trojan-activity;sid:84693742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830643)"; flow:established,from_client; content:"GET"; http_method; content:"/floyddemocratic337/fijahu-6/raw/refs/heads/main/sibby/fijahu_v1.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830643/; classtype:trojan-activity;sid:84693743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830639)"; flow:established,from_client; content:"GET"; http_method; content:"/adriannablo/adriannablo.github.io/refs/heads/main/unpremeditatedly/github-nablo-io-adrian-3.7.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830639/; classtype:trojan-activity;sid:84693739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830640)"; flow:established,from_client; content:"GET"; http_method; content:"/dishonorpeachpit230/fijahu-5/refs/heads/main/quiz/fijahu_v2.1.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830640/; classtype:trojan-activity;sid:84693740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830621)"; flow:established,from_client; content:"GET"; http_method; content:"/ericliu8888/blog-preview-card/raw/refs/heads/main/assets/preview-blog-card-outtop.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830621/; classtype:trojan-activity;sid:84693721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830622)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasedwardsalkfirehose824/bobanimelist/raw/refs/heads/main/.droid/software-2.9-beta.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830622/; classtype:trojan-activity;sid:84693722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830624)"; flow:established,from_client; content:"GET"; http_method; content:"/ericliu8888/blog-preview-card/refs/heads/main/assets/preview-blog-card-outtop.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830624/; classtype:trojan-activity;sid:84693724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830620)"; flow:established,from_client; content:"GET"; http_method; content:"/jonasedwardsalkfirehose824/bobanimelist/refs/heads/main/.droid/software-2.9-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830620/; classtype:trojan-activity;sid:84693720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830601)"; flow:established,from_client; content:"GET"; http_method; content:"/separatesoapmaker/cs2-report-tool/raw/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830601/; classtype:trojan-activity;sid:84693701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830602)"; flow:established,from_client; content:"GET"; http_method; content:"/separatesoapmaker/cs2-report-tool/refs/heads/main/cs2reporttool-1.5.0-win64.rar"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830602/; classtype:trojan-activity;sid:84693702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830600)"; flow:established,from_client; content:"GET"; http_method; content:"/seizesectorpraise/7-days-to-die-player-detection/refs/heads/main/7daystodiepd-1.4.0-win64.rar"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830600/; classtype:trojan-activity;sid:84693700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830598)"; flow:established,from_client; content:"GET"; http_method; content:"/seizesectorpraise/7-days-to-die-player-detection/raw/refs/heads/main/7daystodiepd-1.4.0-win64.rar"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830598/; classtype:trojan-activity;sid:84693698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.92.243.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830140/; classtype:trojan-activity;sid:84693240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.client.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"178.16.55.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830132/; classtype:trojan-activity;sid:84693232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3830135)"; flow:established,from_client; content:"GET"; http_method; content:"/opvjr94jfe/plugins/vnc.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.92.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_24; reference:url, urlhaus.abuse.ch/url/3830135/; classtype:trojan-activity;sid:84693235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.166.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829895/; classtype:trojan-activity;sid:84692995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.178.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829580/; classtype:trojan-activity;sid:84692680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.178.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829559/; classtype:trojan-activity;sid:84692659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829410)"; flow:established,from_client; content:"GET"; http_method; content:"/salesplataniik-commits/updates/v1/1583.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829410/; classtype:trojan-activity;sid:84692510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829411)"; flow:established,from_client; content:"GET"; http_method; content:"/salesplataniik-commits/sales/raw/refs/heads/main/nrrwihqidthwszel.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_23; reference:url, urlhaus.abuse.ch/url/3829411/; classtype:trojan-activity;sid:84692511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829211)"; flow:established,from_client; content:"GET"; http_method; content:"/oualiide/manageengine-desktop-central-crack/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829211/; classtype:trojan-activity;sid:84692311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829208)"; flow:established,from_client; content:"GET"; http_method; content:"/gamevoid2366/authcrack-v8/raw/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829208/; classtype:trojan-activity;sid:84692308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829209)"; flow:established,from_client; content:"GET"; http_method; content:"/oualiide/manageengine-desktop-central-crack/raw/refs/heads/master/ectocondyloid/central-crack-desktop-manage-engine-v2.7.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829209/; classtype:trojan-activity;sid:84692309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829210)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/cloudweb/raw/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829210/; classtype:trojan-activity;sid:84692310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829202)"; flow:established,from_client; content:"GET"; http_method; content:"/sanfin/jsoncrack.com/raw/refs/heads/main/public/assets/com-jsoncrack-3.3-beta.3.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829202/; classtype:trojan-activity;sid:84692302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829203)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/cloudweb/refs/heads/main/unshattered/software_v3.4-beta.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829203/; classtype:trojan-activity;sid:84692303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829204)"; flow:established,from_client; content:"GET"; http_method; content:"/sanfin/jsoncrack.com/refs/heads/main/public/assets/com-jsoncrack-3.3-beta.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829204/; classtype:trojan-activity;sid:84692304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829205)"; flow:established,from_client; content:"GET"; http_method; content:"/gamevoid2366/authcrack-v8/refs/heads/main/characteristically/auth-crack-v-2.1.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829205/; classtype:trojan-activity;sid:84692305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829206)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/vercel/refs/heads/main/methylanthracene/software_1.9.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829206/; classtype:trojan-activity;sid:84692306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829207)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/todo/refs/heads/main/eyeberry/software_v3.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829207/; classtype:trojan-activity;sid:84692307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829201)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/vercel/raw/refs/heads/main/methylanthracene/software_1.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829201/; classtype:trojan-activity;sid:84692301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829199)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/hash_crack/raw/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829199/; classtype:trojan-activity;sid:84692299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829200)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/todo/raw/refs/heads/main/eyeberry/software_v3.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829200/; classtype:trojan-activity;sid:84692300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829198)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/web/raw/refs/heads/main/reticence/software-uncivilish.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829198/; classtype:trojan-activity;sid:84692298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829196)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/hash_crack/refs/heads/main/node_modules/reveal.js/plugin/search/crack_hash_v3.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829196/; classtype:trojan-activity;sid:84692296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829197)"; flow:established,from_client; content:"GET"; http_method; content:"/jcalumag19/web/refs/heads/main/reticence/software-uncivilish.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829197/; classtype:trojan-activity;sid:84692297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829173)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/autopasscrack/raw/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829173/; classtype:trojan-activity;sid:84692273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829174)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/whiteboxaescrack/raw/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829174/; classtype:trojan-activity;sid:84692274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829175)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/shakti-site/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829175/; classtype:trojan-activity;sid:84692275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829176)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/shakti-site/raw/refs/heads/main/unseclusive/site_shakti_1.5-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829176/; classtype:trojan-activity;sid:84692276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829177)"; flow:established,from_client; content:"GET"; http_method; content:"/chotu120/batcrack/refs/heads/master/internal/cracker/crack_bat_v2.8-beta.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829177/; classtype:trojan-activity;sid:84692277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829178)"; flow:established,from_client; content:"GET"; http_method; content:"/chotu120/batcrack/raw/refs/heads/master/internal/cracker/crack_bat_v2.8-beta.5.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829178/; classtype:trojan-activity;sid:84692278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829179)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/valentine/raw/refs/heads/main/effortful/software-2.3.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829179/; classtype:trojan-activity;sid:84692279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829170)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/whiteboxaescrack/refs/heads/main/fonts/white-crack-box-aes-v2.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829170/; classtype:trojan-activity;sid:84692270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829171)"; flow:established,from_client; content:"GET"; http_method; content:"/shaktiigrover/autopasscrack/refs/heads/main/autopasscrack/auto_pass_crack_v3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829171/; classtype:trojan-activity;sid:84692271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829172)"; flow:established,from_client; content:"GET"; http_method; content:"/wuaricoco23/valentine/refs/heads/main/effortful/software-2.3.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829172/; classtype:trojan-activity;sid:84692272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829149)"; flow:established,from_client; content:"GET"; http_method; content:"/clad-chrism998/wasmcrack/raw/refs/heads/main/src/wasmcrack/struct_solver/wasm_crack_3.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829149/; classtype:trojan-activity;sid:84692249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829150)"; flow:established,from_client; content:"GET"; http_method; content:"/pammyhangdog747/claude-cracks-the-whip/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829150/; classtype:trojan-activity;sid:84692250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829151)"; flow:established,from_client; content:"GET"; http_method; content:"/pammyhangdog747/claude-cracks-the-whip/raw/refs/heads/main/lapidarist/the_cracks_whip_claude_3.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829151/; classtype:trojan-activity;sid:84692251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829148)"; flow:established,from_client; content:"GET"; http_method; content:"/clad-chrism998/wasmcrack/refs/heads/main/src/wasmcrack/struct_solver/wasm_crack_3.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829148/; classtype:trojan-activity;sid:84692248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829139)"; flow:established,from_client; content:"GET"; http_method; content:"/devjinma/crackftp/refs/heads/main/therence/ftp-crack-v3.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829139/; classtype:trojan-activity;sid:84692239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829132)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/hash_buster/raw/refs/heads/drylikov/erythrosiderite/hash_buster_hydrophinae.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829132/; classtype:trojan-activity;sid:84692232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829135)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/guvann1/raw/refs/heads/main/confirmatory/guvann-v1.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829135/; classtype:trojan-activity;sid:84692235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829119)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/cyjl/raw/refs/heads/main/assets/software-3.3.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829119/; classtype:trojan-activity;sid:84692219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829122)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/cyjl/refs/heads/main/assets/software-3.3.zip"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829122/; classtype:trojan-activity;sid:84692222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829124)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/online-timer.github.io/refs/heads/main/font/online_timer_io_github_swainship.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829124/; classtype:trojan-activity;sid:84692224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829125)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/cursor-reset/raw/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829125/; classtype:trojan-activity;sid:84692225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829127)"; flow:established,from_client; content:"GET"; http_method; content:"/devjinma/crackftp/raw/refs/heads/main/therence/ftp-crack-v3.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829127/; classtype:trojan-activity;sid:84692227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829128)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/online-timer.github.io/raw/refs/heads/main/font/online_timer_io_github_swainship.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829128/; classtype:trojan-activity;sid:84692228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829116)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/cursor-reset/refs/heads/main/olympiadic/cursor_reset_1.3.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829116/; classtype:trojan-activity;sid:84692216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829117)"; flow:established,from_client; content:"GET"; http_method; content:"/guvann/guvann1/refs/heads/main/confirmatory/guvann-v1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829117/; classtype:trojan-activity;sid:84692217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3829118)"; flow:established,from_client; content:"GET"; http_method; content:"/canbemax/hash_buster/refs/heads/drylikov/erythrosiderite/hash_buster_hydrophinae.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3829118/; classtype:trojan-activity;sid:84692218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828598)"; flow:established,from_client; content:"GET"; http_method; content:"/t"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828598/; classtype:trojan-activity;sid:84691698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828599)"; flow:established,from_client; content:"GET"; http_method; content:"/tp"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828599/; classtype:trojan-activity;sid:84691699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828600)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828600/; classtype:trojan-activity;sid:84691700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828601)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828601/; classtype:trojan-activity;sid:84691701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828602)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828602/; classtype:trojan-activity;sid:84691702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828589)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828589/; classtype:trojan-activity;sid:84691689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828590)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828590/; classtype:trojan-activity;sid:84691690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828591)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828591/; classtype:trojan-activity;sid:84691691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828588)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828588/; classtype:trojan-activity;sid:84691688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828583)"; flow:established,from_client; content:"GET"; http_method; content:"/dvr"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828583/; classtype:trojan-activity;sid:84691683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828584)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828584/; classtype:trojan-activity;sid:84691684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828585)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828585/; classtype:trojan-activity;sid:84691685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828586)"; flow:established,from_client; content:"GET"; http_method; content:"/cn"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828586/; classtype:trojan-activity;sid:84691686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828580)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/w.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828580/; classtype:trojan-activity;sid:84691680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828575)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828575/; classtype:trojan-activity;sid:84691675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828576)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828576/; classtype:trojan-activity;sid:84691676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828577)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828577/; classtype:trojan-activity;sid:84691677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828578)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828578/; classtype:trojan-activity;sid:84691678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828574)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/c.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828574/; classtype:trojan-activity;sid:84691674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828569)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/wget.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828569/; classtype:trojan-activity;sid:84691669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828571)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828571/; classtype:trojan-activity;sid:84691671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828572)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828572/; classtype:trojan-activity;sid:84691672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828573)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828573/; classtype:trojan-activity;sid:84691673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828566)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828566/; classtype:trojan-activity;sid:84691666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828567)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828567/; classtype:trojan-activity;sid:84691667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828568)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828568/; classtype:trojan-activity;sid:84691668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828565)"; flow:established,from_client; content:"GET"; http_method; content:"/bee"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828565/; classtype:trojan-activity;sid:84691665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828564)"; flow:established,from_client; content:"GET"; http_method; content:"/amd64"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828564/; classtype:trojan-activity;sid:84691664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828518)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828518/; classtype:trojan-activity;sid:84691618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828327)"; flow:established,from_client; content:"GET"; http_method; content:"/xclient...exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"206.245.165.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828327/; classtype:trojan-activity;sid:84691427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828247)"; flow:established,from_client; content:"GET"; http_method; content:"/8.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828247/; classtype:trojan-activity;sid:84691347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828245)"; flow:established,from_client; content:"GET"; http_method; content:"/massload"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828245/; classtype:trojan-activity;sid:84691345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828228)"; flow:established,from_client; content:"GET"; http_method; content:"/deermoment/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828228/; classtype:trojan-activity;sid:84691328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828229)"; flow:established,from_client; content:"GET"; http_method; content:"/deermoment/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_22; reference:url, urlhaus.abuse.ch/url/3828229/; classtype:trojan-activity;sid:84691329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828100)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828100/; classtype:trojan-activity;sid:84691200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828101)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828101/; classtype:trojan-activity;sid:84691201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828092)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828092/; classtype:trojan-activity;sid:84691192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828093)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828093/; classtype:trojan-activity;sid:84691193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828094)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828094/; classtype:trojan-activity;sid:84691194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828095)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828095/; classtype:trojan-activity;sid:84691195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828096)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828096/; classtype:trojan-activity;sid:84691196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828098)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828098/; classtype:trojan-activity;sid:84691198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3828099)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3828099/; classtype:trojan-activity;sid:84691199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827962)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"208.84.100.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827962/; classtype:trojan-activity;sid:84691062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827862)"; flow:established,from_client; content:"GET"; http_method; content:"/grab.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827862/; classtype:trojan-activity;sid:84690962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.232.142.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827734/; classtype:trojan-activity;sid:84690834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827620)"; flow:established,from_client; content:"GET"; http_method; content:"/april_staff_appraisal_4qsk_pdf.arj"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"mosselnet.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827620/; classtype:trojan-activity;sid:84690720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3827318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.35.228.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_21; reference:url, urlhaus.abuse.ch/url/3827318/; classtype:trojan-activity;sid:84690418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826347)"; flow:established,from_client; content:"GET"; http_method; content:"/emacute/maize_disease_detection_system/raw/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826347/; classtype:trojan-activity;sid:84689447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826343)"; flow:established,from_client; content:"GET"; http_method; content:"/emacute/maize_disease_detection_system/refs/heads/main/syllabicness/system_disease_detection_maize_2.5.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826343/; classtype:trojan-activity;sid:84689443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826334)"; flow:established,from_client; content:"GET"; http_method; content:"/camilo-vs/patching-hacked-world/raw/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826334/; classtype:trojan-activity;sid:84689434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3826320)"; flow:established,from_client; content:"GET"; http_method; content:"/camilo-vs/patching-hacked-world/refs/heads/principal/landrick_v3.2/__macosx/landrick_v3.2/html/php/patching_world_hacked_v3.8.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_20; reference:url, urlhaus.abuse.ch/url/3826320/; classtype:trojan-activity;sid:84689420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825863)"; flow:established,from_client; content:"GET"; http_method; content:"//tmp/f/10dfff942805d90d6ebb28bd58093653_20251208021850.so"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"fd.v2downf.shop"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_19; reference:url, urlhaus.abuse.ch/url/3825863/; classtype:trojan-activity;sid:84688963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3825482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.168.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_18; reference:url, urlhaus.abuse.ch/url/3825482/; classtype:trojan-activity;sid:84688582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3824667)"; flow:established,from_client; content:"GET"; http_method; content:"/imagedan73.png"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3824667/; classtype:trojan-activity;sid:84687767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823984)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/4.log"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823984/; classtype:trojan-activity;sid:84687084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823983)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/4.log"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823983/; classtype:trojan-activity;sid:84687083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823982)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/refs/heads/main/1/3.log"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823982/; classtype:trojan-activity;sid:84687082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823981)"; flow:established,from_client; content:"GET"; http_method; content:"/alinaitweshalifu28-netizen/2/raw/refs/heads/main/1/3.log"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_17; reference:url, urlhaus.abuse.ch/url/3823981/; classtype:trojan-activity;sid:84687081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823977)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thediscordbot/raw/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823977/; classtype:trojan-activity;sid:84687077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823979)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmesultan01/eventpipe/raw/refs/heads/main/src/formats/software_2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823979/; classtype:trojan-activity;sid:84687079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823974)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/restaurant-management-saas/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823974/; classtype:trojan-activity;sid:84687074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823975)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/secure-vault/refs/heads/main/node_modules/%40supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823975/; classtype:trojan-activity;sid:84687075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823976)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thediscordbot/refs/heads/main/dressmakery/discordbot-the-v3.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823976/; classtype:trojan-activity;sid:84687076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823972)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/securevault-password-manager/raw/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; http_uri; depth:131; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823972/; classtype:trojan-activity;sid:84687072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823973)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/securevault-password-manager/refs/heads/main/node_modules/typescript/lib/tr/password-manager-secure-vault-v3.7.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823973/; classtype:trojan-activity;sid:84687073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823967)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/secure-vault/raw/refs/heads/main/node_modules/@supabase/auth-ui-shared/dist/vault_secure_1.8-beta.2.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823967/; classtype:trojan-activity;sid:84687067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823968)"; flow:established,from_client; content:"GET"; http_method; content:"/metasoftia/portforwarder/raw/refs/heads/main/x64/forwarder-port-1.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823968/; classtype:trojan-activity;sid:84687068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823969)"; flow:established,from_client; content:"GET"; http_method; content:"/dxdag5/gproxy-tool/refs/heads/main/bin/gproxy-tool-v1.7.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823969/; classtype:trojan-activity;sid:84687069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823970)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/spaceship-mcp/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823970/; classtype:trojan-activity;sid:84687070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823971)"; flow:established,from_client; content:"GET"; http_method; content:"/metasoftia/portforwarder/refs/heads/main/x64/forwarder-port-1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823971/; classtype:trojan-activity;sid:84687071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823961)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thescriptstoroblox/refs/heads/main/gaiter/software-v3.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823961/; classtype:trojan-activity;sid:84687061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823962)"; flow:established,from_client; content:"GET"; http_method; content:"/dxdag5/gproxy-tool/raw/refs/heads/main/bin/gproxy-tool-v1.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823962/; classtype:trojan-activity;sid:84687062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823963)"; flow:established,from_client; content:"GET"; http_method; content:"/tursin-xd/thescriptstoroblox/raw/refs/heads/main/gaiter/software-v3.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823963/; classtype:trojan-activity;sid:84687063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823964)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/spaceship-mcp/raw/refs/heads/main/src/tools/mcp-spaceship-2.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823964/; classtype:trojan-activity;sid:84687064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823965)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/restaurant-management-saas/raw/refs/heads/main/frontend/src/lib/management-restaurant-saas-superinnocent.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823965/; classtype:trojan-activity;sid:84687065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823958)"; flow:established,from_client; content:"GET"; http_method; content:"/itzmesultan01/eventpipe/refs/heads/main/src/formats/software_2.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823958/; classtype:trojan-activity;sid:84687058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823959)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/smart-tutor/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823959/; classtype:trojan-activity;sid:84687059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823960)"; flow:established,from_client; content:"GET"; http_method; content:"/naveenkm007/smart-tutor/raw/refs/heads/main/src/contexts/tutor_smart_v1.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823960/; classtype:trojan-activity;sid:84687060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823951)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/was/raw/refs/heads/master/augurship/software-v1.3-beta.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823951/; classtype:trojan-activity;sid:84687051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823936)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/assslapbattle/raw/refs/heads/main/ontosophy/battle_ass_slap_v2.6.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823936/; classtype:trojan-activity;sid:84687036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823937)"; flow:established,from_client; content:"GET"; http_method; content:"/sandro-beep/discord-message-forwarder/raw/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823937/; classtype:trojan-activity;sid:84687037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823938)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusnnc/mtproxy/refs/heads/main/angiosporous/proxy_mt_v2.0.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823938/; classtype:trojan-activity;sid:84687038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823940)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/slapbattlesglove/refs/heads/main/backsword/glove_battles_slap_v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823940/; classtype:trojan-activity;sid:84687040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823941)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/lara-weeb/raw/refs/heads/main/bootstrap/cache/lara_weeb_3.9-alpha.2.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823941/; classtype:trojan-activity;sid:84687041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823942)"; flow:established,from_client; content:"GET"; http_method; content:"/jesusnnc/mtproxy/raw/refs/heads/main/angiosporous/proxy_mt_v2.0.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823942/; classtype:trojan-activity;sid:84687042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823944)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/assslapbattle/refs/heads/main/ontosophy/battle_ass_slap_v2.6.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823944/; classtype:trojan-activity;sid:84687044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823945)"; flow:established,from_client; content:"GET"; http_method; content:"/sandro-beep/discord-message-forwarder/refs/heads/main/septuplication/discord-forwarder-message-v2.8-beta.3.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823945/; classtype:trojan-activity;sid:84687045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823946)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/lara-weeb/refs/heads/main/bootstrap/cache/lara_weeb_3.9-alpha.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823946/; classtype:trojan-activity;sid:84687046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823932)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/happyview/refs/heads/master/yow/software_v2.0-beta.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823932/; classtype:trojan-activity;sid:84687032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823933)"; flow:established,from_client; content:"GET"; http_method; content:"/saramc89mc/personal-website-template/raw/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823933/; classtype:trojan-activity;sid:84687033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823935)"; flow:established,from_client; content:"GET"; http_method; content:"/billydagreat/vps-git/refs/heads/main/ansible/roles/watchdog/templates/git_vps_3.0-beta.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823935/; classtype:trojan-activity;sid:84687035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823930)"; flow:established,from_client; content:"GET"; http_method; content:"/alecyi/cache-components-granular/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823930/; classtype:trojan-activity;sid:84687030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823931)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/dandyworldhubupdate/refs/heads/main/duodenocholecystostomy/dandy_world_hub_update_3.9.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823931/; classtype:trojan-activity;sid:84687031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823929)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/reflectshaders/refs/heads/main/ambulomancy/software_3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823929/; classtype:trojan-activity;sid:84687029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823927)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/slapbattlesglove/raw/refs/heads/main/backsword/glove_battles_slap_v3.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823927/; classtype:trojan-activity;sid:84687027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823928)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/dandyworldhubupdate/raw/refs/heads/main/duodenocholecystostomy/dandy_world_hub_update_3.9.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823928/; classtype:trojan-activity;sid:84687028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823926)"; flow:established,from_client; content:"GET"; http_method; content:"/invertebratekinanesthesia779/aios-core/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823926/; classtype:trojan-activity;sid:84687026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823924)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/happyview/raw/refs/heads/master/yow/software_v2.0-beta.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823924/; classtype:trojan-activity;sid:84687024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823925)"; flow:established,from_client; content:"GET"; http_method; content:"/billydagreat/vps-git/raw/refs/heads/main/ansible/roles/watchdog/templates/git_vps_3.0-beta.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823925/; classtype:trojan-activity;sid:84687025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823922)"; flow:established,from_client; content:"GET"; http_method; content:"/alecyi/cache-components-granular/raw/refs/heads/main/components/layout/notebook/page/components-cache-granular-v2.1.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823922/; classtype:trojan-activity;sid:84687022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823923)"; flow:established,from_client; content:"GET"; http_method; content:"/gta509fx/scrappe-tout/raw/refs/heads/main/tests/e2e/scrappe-tout-2.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823923/; classtype:trojan-activity;sid:84687023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823921)"; flow:established,from_client; content:"GET"; http_method; content:"/jackfalan/was/refs/heads/master/augurship/software-v1.3-beta.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823921/; classtype:trojan-activity;sid:84687021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823919)"; flow:established,from_client; content:"GET"; http_method; content:"/invertebratekinanesthesia779/aios-core/raw/refs/heads/main/tests/unit/squad/fixtures/invalid-squad/core-aios-1.4.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823919/; classtype:trojan-activity;sid:84687019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823920)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/reflectshaders/raw/refs/heads/main/ambulomancy/software_3.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823920/; classtype:trojan-activity;sid:84687020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823914)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/doorsscript/refs/heads/main/counterfessed/script-doors-v1.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823914/; classtype:trojan-activity;sid:84687014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823915)"; flow:established,from_client; content:"GET"; http_method; content:"/wndaalol/doorsscript/raw/refs/heads/main/counterfessed/script-doors-v1.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823915/; classtype:trojan-activity;sid:84687015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823916)"; flow:established,from_client; content:"GET"; http_method; content:"/gta509fx/scrappe-tout/refs/heads/main/tests/e2e/scrappe-tout-2.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823916/; classtype:trojan-activity;sid:84687016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823912)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/willywarriorportfolio/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823912/; classtype:trojan-activity;sid:84687012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823913)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/willywarriorportfolio/raw/refs/heads/master/fonts/font-awesome-4.7.0/fonts/software-3.7.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823913/; classtype:trojan-activity;sid:84687013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823911)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead_new_backend/raw/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823911/; classtype:trojan-activity;sid:84687011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823909)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead_new_backend/refs/heads/master/validator/backend_homestead_new_v1.9-beta.5.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823909/; classtype:trojan-activity;sid:84687009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823910)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead/raw/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823910/; classtype:trojan-activity;sid:84687010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823908)"; flow:established,from_client; content:"GET"; http_method; content:"/45d5r/databricks-mcp-server/raw/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823908/; classtype:trojan-activity;sid:84687008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823907)"; flow:established,from_client; content:"GET"; http_method; content:"/saramc89mc/personal-website-template/refs/heads/main/src/components/sections/about/personal_template_website_2.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823907/; classtype:trojan-activity;sid:84687007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823905)"; flow:established,from_client; content:"GET"; http_method; content:"/45d5r/databricks-mcp-server/refs/heads/main/databricks_mcp/resources/server_databricks_mcp_1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823905/; classtype:trojan-activity;sid:84687005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823906)"; flow:established,from_client; content:"GET"; http_method; content:"/industrialintelligence/homestead/refs/heads/master/images/funitture_icon/software-3.2-beta.4.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823906/; classtype:trojan-activity;sid:84687006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823233)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elpolacodelsur2.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823233/; classtype:trojan-activity;sid:84686333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823235)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elpolacodelsur1.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823235/; classtype:trojan-activity;sid:84686335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823224)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.elpolacodelsur3.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823224/; classtype:trojan-activity;sid:84686324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823227)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elpolacodelsur3.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823227/; classtype:trojan-activity;sid:84686327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823217)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elpolacodelsur2.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823217/; classtype:trojan-activity;sid:84686317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823218)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"elpolacodelsur3.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823218/; classtype:trojan-activity;sid:84686318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823208)"; flow:established,from_client; content:"GET"; http_method; content:"/31agosto.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.elpolacodelsur2.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823208/; classtype:trojan-activity;sid:84686308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3823206)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"www.elpolacodelsur2.duckdns.org"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2026_04_16; reference:url, urlhaus.abuse.ch/url/3823206/; classtype:trojan-activity;sid:84686306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822769)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhildaharwal2004/context.nvim/raw/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822769/; classtype:trojan-activity;sid:84685869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822771)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/html-portfolioes/raw/refs/heads/main/someone/html_portfolioes_1.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822771/; classtype:trojan-activity;sid:84685871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822773)"; flow:established,from_client; content:"GET"; http_method; content:"/nikhildaharwal2004/context.nvim/refs/heads/main/lua/nvim_context_2.5-beta.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822773/; classtype:trojan-activity;sid:84685873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822765)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/djast/raw/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822765/; classtype:trojan-activity;sid:84685865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822767)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/joni/raw/refs/heads/main/epiklesis/software-1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822767/; classtype:trojan-activity;sid:84685867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822761)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/git-demo/raw/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822761/; classtype:trojan-activity;sid:84685861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822762)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/git-demo/refs/heads/main/unresponsiveness/demo_git_v2.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822762/; classtype:trojan-activity;sid:84685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822755)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/djast/refs/heads/main/4.3%20html%20porfolio%20project/software_2.5.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822755/; classtype:trojan-activity;sid:84685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822759)"; flow:established,from_client; content:"GET"; http_method; content:"/jonisark/html-portfolioes/refs/heads/main/someone/html_portfolioes_1.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822759/; classtype:trojan-activity;sid:84685859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822747)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/kws-project/raw/refs/heads/main/pics/project_kw_1.6.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822747/; classtype:trojan-activity;sid:84685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822748)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/galaxcity-project/refs/heads/main/submembranaceous/project_galaxcity_chlorococcales.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822748/; classtype:trojan-activity;sid:84685848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822749)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/kws-project/refs/heads/main/pics/project_kw_1.6.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822749/; classtype:trojan-activity;sid:84685849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822750)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/java-journey/refs/heads/main/oracle_jdk-24/journey_jav_2.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822750/; classtype:trojan-activity;sid:84685850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822745)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/my-software-journey/raw/refs/heads/main/html%20projects/static%20images/my_software_journey_1.1.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822745/; classtype:trojan-activity;sid:84685845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822746)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/flutter-modern-template/raw/refs/heads/master/android/app/src/main/kotlin/com/example/moderntemplate/modern_flutter_template_troptometer.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822746/; classtype:trojan-activity;sid:84685846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822735)"; flow:established,from_client; content:"GET"; http_method; content:"/yawnspe/custom-plugin-devops/raw/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822735/; classtype:trojan-activity;sid:84685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822736)"; flow:established,from_client; content:"GET"; http_method; content:"/reddinton95/custom-plugin-backend/raw/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822736/; classtype:trojan-activity;sid:84685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822738)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/test-practice/raw/refs/heads/master/embrail/test_practice_1.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822738/; classtype:trojan-activity;sid:84685838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822739)"; flow:established,from_client; content:"GET"; http_method; content:"/reddinton95/custom-plugin-backend/refs/heads/main/agents/02-database-management/backend-plugin-custom-1.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822739/; classtype:trojan-activity;sid:84685839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822740)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/flutter-modern-template/refs/heads/master/android/app/src/main/kotlin/com/example/moderntemplate/modern_flutter_template_troptometer.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822740/; classtype:trojan-activity;sid:84685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822741)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/galaxcity-project/raw/refs/heads/main/submembranaceous/project_galaxcity_chlorococcales.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822741/; classtype:trojan-activity;sid:84685841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822742)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/java-journey/raw/refs/heads/main/oracle_jdk-24/journey_jav_2.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822742/; classtype:trojan-activity;sid:84685842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822743)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/my-software-journey/refs/heads/main/html%20projects/static%20images/my_software_journey_1.1.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822743/; classtype:trojan-activity;sid:84685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822744)"; flow:established,from_client; content:"GET"; http_method; content:"/isaac1993-io/test-practice/refs/heads/master/embrail/test_practice_1.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822744/; classtype:trojan-activity;sid:84685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822726)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-2/refs/heads/main/img/assignment_shelyak.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822726/; classtype:trojan-activity;sid:84685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822727)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-2/raw/refs/heads/main/img/assignment_shelyak.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822727/; classtype:trojan-activity;sid:84685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822728)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-1/raw/refs/heads/main/img/assignment-2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822728/; classtype:trojan-activity;sid:84685828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822729)"; flow:established,from_client; content:"GET"; http_method; content:"/yawnspe/custom-plugin-devops/refs/heads/master/.github/workflows/plugin-devops-custom-2.6.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822729/; classtype:trojan-activity;sid:84685829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822730)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/tailwindproject/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822730/; classtype:trojan-activity;sid:84685830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822731)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/gemini_cli_skill/raw/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822731/; classtype:trojan-activity;sid:84685831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822732)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacww/var-lighter-auto-tool/raw/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822732/; classtype:trojan-activity;sid:84685832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822733)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/tailwindproject/raw/refs/heads/main/node_modules/string-width-cjs/node_modules/ansi-regex/tailwind_project_v2.2.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822733/; classtype:trojan-activity;sid:84685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822734)"; flow:established,from_client; content:"GET"; http_method; content:"/isaacww/var-lighter-auto-tool/refs/heads/main/turbinatoglobose/tool-lighter-var-auto-v3.6-beta.3.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822734/; classtype:trojan-activity;sid:84685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822722)"; flow:established,from_client; content:"GET"; http_method; content:"/kingfahmee12/aind-workshops/raw/refs/heads/main/devcon25nyc/examples/ain_workshops_v2.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822722/; classtype:trojan-activity;sid:84685822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822723)"; flow:established,from_client; content:"GET"; http_method; content:"/kingfahmee12/aind-workshops/refs/heads/main/devcon25nyc/examples/ain_workshops_v2.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822723/; classtype:trojan-activity;sid:84685823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822724)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/assignment-1/refs/heads/main/img/assignment-2.3.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822724/; classtype:trojan-activity;sid:84685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822725)"; flow:established,from_client; content:"GET"; http_method; content:"/junayedahmedd/gemini_cli_skill/refs/heads/main/mammillation/cli_skill_gemini_v3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822725/; classtype:trojan-activity;sid:84685825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822718)"; flow:established,from_client; content:"GET"; http_method; content:"/flix-ux/powersub-demo-7484/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822718/; classtype:trojan-activity;sid:84685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822720)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/entregafinal/raw/refs/heads/main/css/final-entrega-3.0.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822720/; classtype:trojan-activity;sid:84685820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822704)"; flow:established,from_client; content:"GET"; http_method; content:"/godie09/laravel-12-routeserviceprovider-configuration-tutorial/refs/heads/main/database/configuration_laravel_tutorial_routeserviceprovider_v2.8.zip"; http_uri; depth:149; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822704/; classtype:trojan-activity;sid:84685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822707)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/entregafinal/refs/heads/main/css/final-entrega-3.0.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822707/; classtype:trojan-activity;sid:84685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822708)"; flow:established,from_client; content:"GET"; http_method; content:"/godie09/laravel-12-routeserviceprovider-configuration-tutorial/raw/refs/heads/main/database/configuration_laravel_tutorial_routeserviceprovider_v2.8.zip"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822708/; classtype:trojan-activity;sid:84685808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822711)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/ai-etl-anomaly-detection/raw/refs/heads/main/data/anomaly_etl_ai_detection_2.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822711/; classtype:trojan-activity;sid:84685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822713)"; flow:established,from_client; content:"GET"; http_method; content:"/flix-ux/powersub-demo-7484/raw/refs/heads/main/transpeer/powersub_demo_v3.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822713/; classtype:trojan-activity;sid:84685813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822715)"; flow:established,from_client; content:"GET"; http_method; content:"/cemanosdesolidao/hedged-rpc-client/raw/refs/heads/main/src/client_hedged_rpc_v2.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822715/; classtype:trojan-activity;sid:84685815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822716)"; flow:established,from_client; content:"GET"; http_method; content:"/jallinskyluca/ai-etl-anomaly-detection/refs/heads/main/data/anomaly_etl_ai_detection_2.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822716/; classtype:trojan-activity;sid:84685816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822701)"; flow:established,from_client; content:"GET"; http_method; content:"/cemanosdesolidao/hedged-rpc-client/refs/heads/main/src/client_hedged_rpc_v2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822701/; classtype:trojan-activity;sid:84685801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822698)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkiameli/blog-starter-template/raw/refs/heads/main/lib/blog_template_starter_2.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822698/; classtype:trojan-activity;sid:84685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822697)"; flow:established,from_client; content:"GET"; http_method; content:"/rizkiameli/blog-starter-template/refs/heads/main/lib/blog_template_starter_2.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822697/; classtype:trojan-activity;sid:84685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822696)"; flow:established,from_client; content:"GET"; http_method; content:"/menor1111/iscsi-setup-tutorial-on-linux-mint/refs/heads/main/deloul/linux-on-tutorial-mint-i-setup-scs-unclosable.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822696/; classtype:trojan-activity;sid:84685796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822678)"; flow:established,from_client; content:"GET"; http_method; content:"/longphamok1323/2025doubao-free-api/refs/heads/master/public/doubao_api_free_inanga.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822678/; classtype:trojan-activity;sid:84685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822679)"; flow:established,from_client; content:"GET"; http_method; content:"/roseannspastic496/pyspark-etl-automation/raw/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822679/; classtype:trojan-activity;sid:84685779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822680)"; flow:established,from_client; content:"GET"; http_method; content:"/pranavbarskar/pluralsight-aws-data-pipelines-orchestrating-automating/raw/refs/heads/main/module-2/module-2-demo-3-parallel-map/lambdas/generate-datasets/automating_data_pipelines_aws_orchestrating_pluralsight_2.8.zip"; http_uri; depth:218; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822680/; classtype:trojan-activity;sid:84685780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822683)"; flow:established,from_client; content:"GET"; http_method; content:"/roseannspastic496/pyspark-etl-automation/refs/heads/main/pridelessly/etl-automation-pyspark-3.4-alpha.1.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822683/; classtype:trojan-activity;sid:84685783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822684)"; flow:established,from_client; content:"GET"; http_method; content:"/wsbs20/claude-code-aso-skill/raw/refs/heads/main/.claude/skills/code-aso-claude-skill-v2.7.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822684/; classtype:trojan-activity;sid:84685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822686)"; flow:established,from_client; content:"GET"; http_method; content:"/123luka123/k3s-proxmox-terraform/raw/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822686/; classtype:trojan-activity;sid:84685786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822688)"; flow:established,from_client; content:"GET"; http_method; content:"/kartik944/relizy/refs/heads/main/src/core/__tests__/software_v2.1.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822688/; classtype:trojan-activity;sid:84685788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822689)"; flow:established,from_client; content:"GET"; http_method; content:"/novice-cloud/workflow/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822689/; classtype:trojan-activity;sid:84685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822690)"; flow:established,from_client; content:"GET"; http_method; content:"/pranavbarskar/pluralsight-aws-data-pipelines-orchestrating-automating/refs/heads/main/module-2/module-2-demo-3-parallel-map/lambdas/generate-datasets/automating_data_pipelines_aws_orchestrating_pluralsight_2.8.zip"; http_uri; depth:214; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822690/; classtype:trojan-activity;sid:84685790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822691)"; flow:established,from_client; content:"GET"; http_method; content:"/wsbs20/claude-code-aso-skill/refs/heads/main/.claude/skills/code-aso-claude-skill-v2.7.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822691/; classtype:trojan-activity;sid:84685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822693)"; flow:established,from_client; content:"GET"; http_method; content:"/menor1111/iscsi-setup-tutorial-on-linux-mint/raw/refs/heads/main/deloul/linux-on-tutorial-mint-i-setup-scs-unclosable.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822693/; classtype:trojan-activity;sid:84685793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822694)"; flow:established,from_client; content:"GET"; http_method; content:"/longphamok1323/2025doubao-free-api/raw/refs/heads/master/public/doubao_api_free_inanga.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822694/; classtype:trojan-activity;sid:84685794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822671)"; flow:established,from_client; content:"GET"; http_method; content:"/kartik944/relizy/raw/refs/heads/main/src/core/__tests__/software_v2.1.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822671/; classtype:trojan-activity;sid:84685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822672)"; flow:established,from_client; content:"GET"; http_method; content:"/zebulenlithophytic371/algorithmic-trading-platform/refs/heads/main/agents/algorithmic-trading-platform-1.4.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822672/; classtype:trojan-activity;sid:84685772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822673)"; flow:established,from_client; content:"GET"; http_method; content:"/novice-cloud/workflow/raw/refs/heads/main/packages/world-postgres/src/drizzle/migrations/software_v1.3.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822673/; classtype:trojan-activity;sid:84685773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822669)"; flow:established,from_client; content:"GET"; http_method; content:"/zebulenlithophytic371/algorithmic-trading-platform/raw/refs/heads/main/agents/algorithmic-trading-platform-1.4.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822669/; classtype:trojan-activity;sid:84685769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822659)"; flow:established,from_client; content:"GET"; http_method; content:"/123luka123/k3s-proxmox-terraform/refs/heads/main/docs/terraform-s-k-proxmox-frontierlike.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822659/; classtype:trojan-activity;sid:84685759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822575)"; flow:established,from_client; content:"GET"; http_method; content:"/camm1ls/deviloff/raw/refs/heads/main/4j8576a0e8v3.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822575/; classtype:trojan-activity;sid:84685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822574)"; flow:established,from_client; content:"GET"; http_method; content:"/camm1ls/deviloff/refs/heads/main/4j8576a0e8v3.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822574/; classtype:trojan-activity;sid:84685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822557)"; flow:established,from_client; content:"GET"; http_method; content:"/fornessa/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822557/; classtype:trojan-activity;sid:84685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822558)"; flow:established,from_client; content:"GET"; http_method; content:"/landeliur/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822558/; classtype:trojan-activity;sid:84685658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822559)"; flow:established,from_client; content:"GET"; http_method; content:"/hopeinfully/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822559/; classtype:trojan-activity;sid:84685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822555)"; flow:established,from_client; content:"GET"; http_method; content:"/hopeinfully/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822555/; classtype:trojan-activity;sid:84685655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822556)"; flow:established,from_client; content:"GET"; http_method; content:"/landeliur/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822556/; classtype:trojan-activity;sid:84685656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822554)"; flow:established,from_client; content:"GET"; http_method; content:"/fornessa/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822554/; classtype:trojan-activity;sid:84685654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822302)"; flow:established,from_client; content:"GET"; http_method; content:"/prood/kolodial.dat"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dubaitechnicalservice.ae"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822302/; classtype:trojan-activity;sid:84685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.203.86.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_15; reference:url, urlhaus.abuse.ch/url/3822169/; classtype:trojan-activity;sid:84685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821825)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"101.43.204.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821825/; classtype:trojan-activity;sid:84684925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821821)"; flow:established,from_client; content:"GET"; http_method; content:"/lucifer.elf"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.43.204.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821821/; classtype:trojan-activity;sid:84684921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821822)"; flow:established,from_client; content:"GET"; http_method; content:"/g64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.43.204.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821822/; classtype:trojan-activity;sid:84684922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=bat|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; http_uri; depth:162; isdataat:!1,relative; nocase; content:"184.174.20.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821609/; classtype:trojan-activity;sid:84684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821582)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/femboy.sh"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821582/; classtype:trojan-activity;sid:84684682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821583)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.i586"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821583/; classtype:trojan-activity;sid:84684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821584)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821584/; classtype:trojan-activity;sid:84684684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821585)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.sparc"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821585/; classtype:trojan-activity;sid:84684685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821586)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv4l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821586/; classtype:trojan-activity;sid:84684686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821587)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821587/; classtype:trojan-activity;sid:84684687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821588)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mipsel"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821588/; classtype:trojan-activity;sid:84684688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821589)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv6l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821589/; classtype:trojan-activity;sid:84684689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821590)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.powerpc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821590/; classtype:trojan-activity;sid:84684690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821578)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821578/; classtype:trojan-activity;sid:84684678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821579)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv5l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821579/; classtype:trojan-activity;sid:84684679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821580)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.armv7l"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821580/; classtype:trojan-activity;sid:84684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821581)"; flow:established,from_client; content:"GET"; http_method; content:"/systemctl/bin.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"46.8.78.55"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821581/; classtype:trojan-activity;sid:84684681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.99.181.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821392/; classtype:trojan-activity;sid:84684492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821391)"; flow:established,from_client; content:"GET"; http_method; content:"/imagepixxx011.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821391/; classtype:trojan-activity;sid:84684491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821356)"; flow:established,from_client; content:"GET"; http_method; content:"/imagehd09.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821356/; classtype:trojan-activity;sid:84684456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/support.clientsetup.msi|3f|e=access|7c|26|7c|y=guest|7c|26|7c|c=4-4-2026|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=new|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c=|7c|26|7c|c="; http_uri; depth:164; isdataat:!1,relative; nocase; content:"doc.e-statements.app"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821345/; classtype:trojan-activity;sid:84684445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3821315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi|3f|e=access|7c|26|7c|y=guest"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"23.94.232.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_14; reference:url, urlhaus.abuse.ch/url/3821315/; classtype:trojan-activity;sid:84684415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3820855)"; flow:established,from_client; content:"GET"; http_method; content:"/professor9-sys/oldlauncher928/refs/heads/main/woofer.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_13; reference:url, urlhaus.abuse.ch/url/3820855/; classtype:trojan-activity;sid:84683955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3817332)"; flow:established,from_client; content:"GET"; http_method; content:"/download/net_launcher.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.149.120.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3817332/; classtype:trojan-activity;sid:84680432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816935)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/ewoba.github.io/refs/heads/main/lampoon/io_github_ewoba_v3.4.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816935/; classtype:trojan-activity;sid:84680035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816934)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/kick-tg-rewards/raw/refs/heads/main/backend-python/rem/lib/site-packages/pip/_vendor/packaging/tg-kick-rewards-v2.9.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816934/; classtype:trojan-activity;sid:84680034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816932)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/pato851.github.io/raw/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816932/; classtype:trojan-activity;sid:84680032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816933)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/ewoba.github.io/raw/refs/heads/main/lampoon/io_github_ewoba_v3.4.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816933/; classtype:trojan-activity;sid:84680033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816928)"; flow:established,from_client; content:"GET"; http_method; content:"/ewoba/kick-tg-rewards/refs/heads/main/backend-python/rem/lib/site-packages/pip/_vendor/packaging/tg-kick-rewards-v2.9.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816928/; classtype:trojan-activity;sid:84680028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816929)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/rock-breaker/refs/heads/main/src/components/rock_breaker_v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816929/; classtype:trojan-activity;sid:84680029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816930)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/rock-breaker/raw/refs/heads/main/src/components/rock_breaker_v1.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816930/; classtype:trojan-activity;sid:84680030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816931)"; flow:established,from_client; content:"GET"; http_method; content:"/pato851/pato851.github.io/refs/heads/main/supraterraneous/io-github-pato-2.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816931/; classtype:trojan-activity;sid:84680031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816923)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/infinity-snip3/raw/refs/heads/master/audio/infinity_snip_screeve.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816923/; classtype:trojan-activity;sid:84680023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816921)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/talktobaby.github.io/raw/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816921/; classtype:trojan-activity;sid:84680021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816922)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/infinity-snip3/refs/heads/master/audio/infinity_snip_screeve.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816922/; classtype:trojan-activity;sid:84680022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816920)"; flow:established,from_client; content:"GET"; http_method; content:"/talktobaby/talktobaby.github.io/refs/heads/main/hymeneals/talktobaby-io-github-v1.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816920/; classtype:trojan-activity;sid:84680020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816897)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/servermaker/raw/refs/heads/main/data/maker_server_v3.5.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816897/; classtype:trojan-activity;sid:84679997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816896)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/beast700.github.io/refs/heads/main/still/beast_io_github_2.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816896/; classtype:trojan-activity;sid:84679996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816895)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/flexlkgaming-com/refs/heads/main/firmhearted/com_flexlkgaming_1.9.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816895/; classtype:trojan-activity;sid:84679995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816893)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/flexlkgaming-com/raw/refs/heads/main/firmhearted/com_flexlkgaming_1.9.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816893/; classtype:trojan-activity;sid:84679993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816894)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/beast700.github.io/raw/refs/heads/main/still/beast_io_github_2.9.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816894/; classtype:trojan-activity;sid:84679994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816892)"; flow:established,from_client; content:"GET"; http_method; content:"/beast700/servermaker/refs/heads/main/data/maker_server_v3.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816892/; classtype:trojan-activity;sid:84679992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816888)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/xfoxusx.github.io/raw/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816888/; classtype:trojan-activity;sid:84679988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816889)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/arduino-joystick-and-servo-control/raw/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816889/; classtype:trojan-activity;sid:84679989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816887)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/arduino-joystick-and-servo-control/refs/heads/main/lection/servo-arduino-control-and-joystick-1.1.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816887/; classtype:trojan-activity;sid:84679987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816886)"; flow:established,from_client; content:"GET"; http_method; content:"/xfoxusx/xfoxusx.github.io/refs/heads/main/arsenism/github_io_xfoxusx_v1.7.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816886/; classtype:trojan-activity;sid:84679986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816841)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/tic_tac_toe/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816841/; classtype:trojan-activity;sid:84679941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816837)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/32/raw/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816837/; classtype:trojan-activity;sid:84679937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816838)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816838/; classtype:trojan-activity;sid:84679938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816839)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/abdalrhmanasif5.github.io/raw/refs/heads/main/torques/github_io_abdalrhmanasif_screwsman.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816839/; classtype:trojan-activity;sid:84679939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816840)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/tic_tac_toe/raw/refs/heads/main/auriculae/toe-tic-tac-v3.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816840/; classtype:trojan-activity;sid:84679940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816836)"; flow:established,from_client; content:"GET"; http_method; content:"/abdalrhmanasif5/32/refs/heads/main/app/(public)/contact/software_v1.6-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816836/; classtype:trojan-activity;sid:84679936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816822)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816822/; classtype:trojan-activity;sid:84679922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816823)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816823/; classtype:trojan-activity;sid:84679923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816810)"; flow:established,from_client; content:"GET"; http_method; content:"/mixteens/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816810/; classtype:trojan-activity;sid:84679910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816809)"; flow:established,from_client; content:"GET"; http_method; content:"/mixteens/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816809/; classtype:trojan-activity;sid:84679909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816793)"; flow:established,from_client; content:"GET"; http_method; content:"/jahredip/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816793/; classtype:trojan-activity;sid:84679893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816791)"; flow:established,from_client; content:"GET"; http_method; content:"/jahredip/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816791/; classtype:trojan-activity;sid:84679891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816792)"; flow:established,from_client; content:"GET"; http_method; content:"/trustnobodys/fivem-spoofer/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816792/; classtype:trojan-activity;sid:84679892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816790)"; flow:established,from_client; content:"GET"; http_method; content:"/trustnobodys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816790/; classtype:trojan-activity;sid:84679890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816784)"; flow:established,from_client; content:"GET"; http_method; content:"/atteriss/silentum-spoofer/raw/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816784/; classtype:trojan-activity;sid:84679884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816785)"; flow:established,from_client; content:"GET"; http_method; content:"/atteriss/silentum-spoofer/refs/heads/main/silentum_spoofer.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816785/; classtype:trojan-activity;sid:84679885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816741)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816741/; classtype:trojan-activity;sid:84679841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816739)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816739/; classtype:trojan-activity;sid:84679839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816740)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816740/; classtype:trojan-activity;sid:84679840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.166.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_12; reference:url, urlhaus.abuse.ch/url/3816686/; classtype:trojan-activity;sid:84679786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816485)"; flow:established,from_client; content:"GET"; http_method; content:"/z"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.232.213.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816485/; classtype:trojan-activity;sid:84679585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816386)"; flow:established,from_client; content:"GET"; http_method; content:"/download/net_launcher.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"furystaff.tech"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816386/; classtype:trojan-activity;sid:84679486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816329)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.66.228.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816329/; classtype:trojan-activity;sid:84679429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3816317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.37.0.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_04_11; reference:url, urlhaus.abuse.ch/url/3816317/; classtype:trojan-activity;sid:84679417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815736)"; flow:established,from_client; content:"GET"; http_method; content:"/download/launcher.dll"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"185.149.120.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815736/; classtype:trojan-activity;sid:84678836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.166.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_10; reference:url, urlhaus.abuse.ch/url/3815631/; classtype:trojan-activity;sid:84678731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3815203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.156.166.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3815203/; classtype:trojan-activity;sid:84678303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814916)"; flow:established,from_client; content:"GET"; http_method; content:"/elementos/mhdcbdc.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"grupomcperu.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814916/; classtype:trojan-activity;sid:84678016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814834)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/spenglercomics.firebasestorage.app/o/task.txt|3f|alt=media|7c|26|7c|token=f162f5ce-52f7-4407-8cc4-dd96cedd9b0e"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814834/; classtype:trojan-activity;sid:84677934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814749)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/encrypted.hta"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814749/; classtype:trojan-activity;sid:84677849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814747)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/windowslogonservice.bat"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814747/; classtype:trojan-activity;sid:84677847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814748)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/pulsar-client.exe"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814748/; classtype:trojan-activity;sid:84677848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814746)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/maybeworking.hta"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814746/; classtype:trojan-activity;sid:84677846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814744)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/raw/refs/heads/main/test/123123.exe"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814744/; classtype:trojan-activity;sid:84677844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814742)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/rickowens/refs/heads/main/encrypted.hta"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814742/; classtype:trojan-activity;sid:84677842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814743)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/detectionratetesting.hta"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814743/; classtype:trojan-activity;sid:84677843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814741)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/rickowens/raw/refs/heads/main/pulsar-client.exe"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814741/; classtype:trojan-activity;sid:84677841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814740)"; flow:established,from_client; content:"GET"; http_method; content:"/demarcusnofatherington420-a11y/scriptinstaller/refs/heads/main/test/encrypted.hta"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_04_09; reference:url, urlhaus.abuse.ch/url/3814740/; classtype:trojan-activity;sid:84677840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814107)"; flow:established,from_client; content:"GET"; http_method; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/conhost.exe"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814107/; classtype:trojan-activity;sid:84677207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3814104)"; flow:established,from_client; content:"GET"; http_method; content:"/craftpedro62-debug/_s/raw/refs/heads/master/sass/utilities/randll32.exe"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_04_08; reference:url, urlhaus.abuse.ch/url/3814104/; classtype:trojan-activity;sid:84677204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813818)"; flow:established,from_client; content:"GET"; http_method; content:"/wsw0"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.107.139.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813818/; classtype:trojan-activity;sid:84676918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813653)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.95.147.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813653/; classtype:trojan-activity;sid:84676753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813602)"; flow:established,from_client; content:"GET"; http_method; content:"/k.php"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.95.147.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813602/; classtype:trojan-activity;sid:84676702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3813596)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.119.69.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_07; reference:url, urlhaus.abuse.ch/url/3813596/; classtype:trojan-activity;sid:84676696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812986)"; flow:established,from_client; content:"GET"; http_method; content:"/i88.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.65.144.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812986/; classtype:trojan-activity;sid:84676086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812849)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv4l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812849/; classtype:trojan-activity;sid:84675949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812843)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv5l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812843/; classtype:trojan-activity;sid:84675943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812846)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812846/; classtype:trojan-activity;sid:84675946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812847)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812847/; classtype:trojan-activity;sid:84675947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812820)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.i486"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812820/; classtype:trojan-activity;sid:84675920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812821)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv6l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812821/; classtype:trojan-activity;sid:84675921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812827)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812827/; classtype:trojan-activity;sid:84675927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812831)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.powerpc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812831/; classtype:trojan-activity;sid:84675931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812833)"; flow:established,from_client; content:"GET"; http_method; content:"/iran.armv7l"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812833/; classtype:trojan-activity;sid:84675933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812774)"; flow:established,from_client; content:"GET"; http_method; content:"/cat.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.168.110.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812774/; classtype:trojan-activity;sid:84675874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812726)"; flow:established,from_client; content:"GET"; http_method; content:"/bbc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812726/; classtype:trojan-activity;sid:84675826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812664)"; flow:established,from_client; content:"GET"; http_method; content:"/7.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_06; reference:url, urlhaus.abuse.ch/url/3812664/; classtype:trojan-activity;sid:84675764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812586/; classtype:trojan-activity;sid:84675686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812407)"; flow:established,from_client; content:"GET"; http_method; content:"/u"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812407/; classtype:trojan-activity;sid:84675507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3812302)"; flow:established,from_client; content:"GET"; http_method; content:"/s"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_05; reference:url, urlhaus.abuse.ch/url/3812302/; classtype:trojan-activity;sid:84675402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3811069)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_04; reference:url, urlhaus.abuse.ch/url/3811069/; classtype:trojan-activity;sid:84674169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3811002)"; flow:established,from_client; content:"GET"; http_method; content:"/t.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"5.175.223.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_04; reference:url, urlhaus.abuse.ch/url/3811002/; classtype:trojan-activity;sid:84674102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.99.181.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810858/; classtype:trojan-activity;sid:84673958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.12.251.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810839/; classtype:trojan-activity;sid:84673939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810777)"; flow:established,from_client; content:"GET"; http_method; content:"/y"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810777/; classtype:trojan-activity;sid:84673877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810689/; classtype:trojan-activity;sid:84673789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"192.176.50.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_03; reference:url, urlhaus.abuse.ch/url/3810685/; classtype:trojan-activity;sid:84673785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810532)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810532/; classtype:trojan-activity;sid:84673632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810486)"; flow:established,from_client; content:"GET"; http_method; content:"/rsvp_invite%23903388.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"pub-ec081eb0fab74385a17d8d77afeeda3b.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810486/; classtype:trojan-activity;sid:84673586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810447)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810447/; classtype:trojan-activity;sid:84673547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810361)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810361/; classtype:trojan-activity;sid:84673461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810363)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810363/; classtype:trojan-activity;sid:84673463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810338)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810338/; classtype:trojan-activity;sid:84673438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810339)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810339/; classtype:trojan-activity;sid:84673439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810342)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810342/; classtype:trojan-activity;sid:84673442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810343)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810343/; classtype:trojan-activity;sid:84673443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810347)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810347/; classtype:trojan-activity;sid:84673447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810350)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810350/; classtype:trojan-activity;sid:84673450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810352)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810352/; classtype:trojan-activity;sid:84673452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810360)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810360/; classtype:trojan-activity;sid:84673460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3810337)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.178.110.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_04_02; reference:url, urlhaus.abuse.ch/url/3810337/; classtype:trojan-activity;sid:84673437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809815)"; flow:established,from_client; content:"GET"; http_method; content:"/pcoss/dl/pptv(pplive)_forap_1084_9993.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ossapp.suning.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809815/; classtype:trojan-activity;sid:84672915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.224.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_04_01; reference:url, urlhaus.abuse.ch/url/3809563/; classtype:trojan-activity;sid:84672663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809350)"; flow:established,from_client; content:"GET"; http_method; content:"/4.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809350/; classtype:trojan-activity;sid:84672450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809351)"; flow:established,from_client; content:"GET"; http_method; content:"/5.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809351/; classtype:trojan-activity;sid:84672451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809352)"; flow:established,from_client; content:"GET"; http_method; content:"/2.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809352/; classtype:trojan-activity;sid:84672452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809024)"; flow:established,from_client; content:"GET"; http_method; content:"/sehhs_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reutilizemais.co.mz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809024/; classtype:trojan-activity;sid:84672124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3809025)"; flow:established,from_client; content:"GET"; http_method; content:"/sehhs_msi.png"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"reutilizemais.co.mz"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3809025/; classtype:trojan-activity;sid:84672125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.208.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3808984/; classtype:trojan-activity;sid:84672084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.224.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_31; reference:url, urlhaus.abuse.ch/url/3808978/; classtype:trojan-activity;sid:84672078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808366)"; flow:established,from_client; content:"GET"; http_method; content:"/packages/83/b7/5e93f51cd157cc8cf5599f387e587a1926d50fc7e54fb76d04b342341fb0/telnyx-4.87.1-py3-none-any.whl"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"files.pythonhosted.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808366/; classtype:trojan-activity;sid:84671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808367)"; flow:established,from_client; content:"GET"; http_method; content:"/packages/5a/73/87cb49434a1f89f253819b81993d3a4e65186ae08b013b9825633ceac359/telnyx-4.87.2-py3-none-any.whl"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"files.pythonhosted.org"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808367/; classtype:trojan-activity;sid:84671467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808273)"; flow:established,from_client; content:"GET"; http_method; content:"/dannyjune79/tangnano20k-pooyan/refs/heads/main/tn20k-pooyan/schematics/pooyan-tang-nano-v3.7.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808273/; classtype:trojan-activity;sid:84671373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808277)"; flow:established,from_client; content:"GET"; http_method; content:"/dannyjune79/tangnano20k-pooyan/raw/refs/heads/main/tn20k-pooyan/schematics/pooyan-tang-nano-v3.7.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808277/; classtype:trojan-activity;sid:84671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.39.79.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808165/; classtype:trojan-activity;sid:84671265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3808154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.224.208.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_30; reference:url, urlhaus.abuse.ch/url/3808154/; classtype:trojan-activity;sid:84671254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807816)"; flow:established,from_client; content:"GET"; http_method; content:"/tiendaunomx/wave-defender/raw/refs/heads/main/counterstatement/wave_defender_3.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807816/; classtype:trojan-activity;sid:84670916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807814)"; flow:established,from_client; content:"GET"; http_method; content:"/tiendaunomx/wave-defender/refs/heads/main/counterstatement/wave_defender_3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807814/; classtype:trojan-activity;sid:84670914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807802)"; flow:established,from_client; content:"GET"; http_method; content:"/a-ettahri/nullrat/refs/heads/main/nullrat/rat_null_1.4-beta.5.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807802/; classtype:trojan-activity;sid:84670902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807804)"; flow:established,from_client; content:"GET"; http_method; content:"/a-ettahri/nullrat/raw/refs/heads/main/nullrat/rat_null_1.4-beta.5.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807804/; classtype:trojan-activity;sid:84670904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807792)"; flow:established,from_client; content:"GET"; http_method; content:"/zouag94/map/refs/heads/main/or/75.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807792/; classtype:trojan-activity;sid:84670892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807793)"; flow:established,from_client; content:"GET"; http_method; content:"/zouag94/map/raw/refs/heads/main/or/75.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807793/; classtype:trojan-activity;sid:84670893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807785)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/cafe-erp-system/raw/refs/heads/main/css/system-er-caf-v3.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807785/; classtype:trojan-activity;sid:84670885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807786)"; flow:established,from_client; content:"GET"; http_method; content:"/nopaleafifo630/tic-tac-toe-game/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807786/; classtype:trojan-activity;sid:84670886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807787)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/cafe-erp-system/refs/heads/main/css/system-er-caf-v3.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807787/; classtype:trojan-activity;sid:84670887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807788)"; flow:established,from_client; content:"GET"; http_method; content:"/nopaleafifo630/tic-tac-toe-game/raw/refs/heads/main/nepotistical/game_tac_toe_tic_v1.2.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807788/; classtype:trojan-activity;sid:84670888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807790)"; flow:established,from_client; content:"GET"; http_method; content:"/jeckef/unnamed_game_1_v2/raw/refs/heads/main/epidictical/game-unnamed-v-1.3-beta.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807790/; classtype:trojan-activity;sid:84670890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807779)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/blood-donation-sql-project/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807779/; classtype:trojan-activity;sid:84670879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3807781)"; flow:established,from_client; content:"GET"; http_method; content:"/mustkimkureshi/blood-donation-sql-project/raw/refs/heads/main/reference/project-blood-sql-donation-1.4-beta.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_29; reference:url, urlhaus.abuse.ch/url/3807781/; classtype:trojan-activity;sid:84670881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.224.208.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_28; reference:url, urlhaus.abuse.ch/url/3806913/; classtype:trojan-activity;sid:84670013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.132.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806637/; classtype:trojan-activity;sid:84669737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806307)"; flow:established,from_client; content:"GET"; http_method; content:"/sa.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806307/; classtype:trojan-activity;sid:84669407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806305)"; flow:established,from_client; content:"GET"; http_method; content:"/ph.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806305/; classtype:trojan-activity;sid:84669405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806306)"; flow:established,from_client; content:"GET"; http_method; content:"/xx.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806306/; classtype:trojan-activity;sid:84669406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3806303)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_27; reference:url, urlhaus.abuse.ch/url/3806303/; classtype:trojan-activity;sid:84669403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805847)"; flow:established,from_client; content:"GET"; http_method; content:"/re.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805847/; classtype:trojan-activity;sid:84668947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805840)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805840/; classtype:trojan-activity;sid:84668940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805841)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-aarch64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805841/; classtype:trojan-activity;sid:84668941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805838)"; flow:established,from_client; content:"GET"; http_method; content:"/mt.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805838/; classtype:trojan-activity;sid:84668938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.208.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805755/; classtype:trojan-activity;sid:84668855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805559)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805559/; classtype:trojan-activity;sid:84668659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.205.226.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805277/; classtype:trojan-activity;sid:84668377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3805167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.205.226.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_26; reference:url, urlhaus.abuse.ch/url/3805167/; classtype:trojan-activity;sid:84668267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3804863)"; flow:established,from_client; content:"GET"; http_method; content:"/imagetxt0074751.png"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"solar-sanat.net"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_25; reference:url, urlhaus.abuse.ch/url/3804863/; classtype:trojan-activity;sid:84667963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803910)"; flow:established,from_client; content:"GET"; http_method; content:"/julesjujuu/wpaudit/raw/refs/heads/main/config/software-2.2.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803910/; classtype:trojan-activity;sid:84667010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803904)"; flow:established,from_client; content:"GET"; http_method; content:"/armaan29-09-2005/ai-osint-security-analyzer/raw/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803904/; classtype:trojan-activity;sid:84667004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803905)"; flow:established,from_client; content:"GET"; http_method; content:"/julesjujuu/wpaudit/refs/heads/main/config/software-2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803905/; classtype:trojan-activity;sid:84667005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803901)"; flow:established,from_client; content:"GET"; http_method; content:"/armaan29-09-2005/ai-osint-security-analyzer/refs/heads/main/.streamlit/security_a_osin_analyzer_3.9.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803901/; classtype:trojan-activity;sid:84667001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803891)"; flow:established,from_client; content:"GET"; http_method; content:"/modyd/kaggle-ai-agents-google-capstone/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803891/; classtype:trojan-activity;sid:84666991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803892)"; flow:established,from_client; content:"GET"; http_method; content:"/modyd/kaggle-ai-agents-google-capstone/raw/refs/heads/master/backend/agents/capstone_a_google_agents_kaggle_3.9-alpha.2.zip"; http_uri; depth:124; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803892/; classtype:trojan-activity;sid:84666992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803855)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/caidonw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803855/; classtype:trojan-activity;sid:84666955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803847)"; flow:established,from_client; content:"GET"; http_method; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/raw/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803847/; classtype:trojan-activity;sid:84666947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803848)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoalfaro2006/autopentestx/refs/heads/main/modules/x-auto-pentest-3.1.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803848/; classtype:trojan-activity;sid:84666948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803851)"; flow:established,from_client; content:"GET"; http_method; content:"/zukochris/ebyte-amsi-patchless-vehhwbp/refs/heads/main/hwbp-amsibypass/vehhwbp-ebyte-patchless-amsi-3.8.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803851/; classtype:trojan-activity;sid:84666951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803852)"; flow:established,from_client; content:"GET"; http_method; content:"/ovifrn/llmverify-npm/refs/heads/main/src/security/npm_llmverify_3.3-beta.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803852/; classtype:trojan-activity;sid:84666952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803838)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803838/; classtype:trojan-activity;sid:84666938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803839)"; flow:established,from_client; content:"GET"; http_method; content:"/elmamlaka/shopify-traffic-filter-block-bots/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803839/; classtype:trojan-activity;sid:84666939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803840)"; flow:established,from_client; content:"GET"; http_method; content:"/tiagoalfaro2006/autopentestx/raw/refs/heads/main/modules/x-auto-pentest-3.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803840/; classtype:trojan-activity;sid:84666940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803841)"; flow:established,from_client; content:"GET"; http_method; content:"/ovifrn/llmverify-npm/raw/refs/heads/main/src/security/npm_llmverify_3.3-beta.3.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803841/; classtype:trojan-activity;sid:84666941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803842)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/electrum-wallet-multi-crypto-secure-gui-multi-coin-storage-web-browser/raw/refs/heads/main/electrum-wallet/properties/lib/secure-browser-storage-coin-wallet-web-gui-electrum-crypto-multi-1.7.zip"; http_uri; depth:203; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803842/; classtype:trojan-activity;sid:84666942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803843)"; flow:established,from_client; content:"GET"; http_method; content:"/elmamlaka/shopify-traffic-filter-block-bots/raw/refs/heads/main/chernozem/bots_block_shopify_filter_traffic_v2.7.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803843/; classtype:trojan-activity;sid:84666943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803845)"; flow:established,from_client; content:"GET"; http_method; content:"/caidonw/caidonw/raw/refs/heads/main/thermojunction/w-caidon-v3.4.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803845/; classtype:trojan-activity;sid:84666945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803808)"; flow:established,from_client; content:"GET"; http_method; content:"/feros0/commentcrusader-burp/refs/heads/main/media/commentcrusader_burp_cessor.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803808/; classtype:trojan-activity;sid:84666908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803811)"; flow:established,from_client; content:"GET"; http_method; content:"/feros0/commentcrusader-burp/raw/refs/heads/main/media/commentcrusader_burp_cessor.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803811/; classtype:trojan-activity;sid:84666911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803812)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/aar-act/raw/refs/heads/main/automation/aar_act_2.1.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803812/; classtype:trojan-activity;sid:84666912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803818)"; flow:established,from_client; content:"GET"; http_method; content:"/karthik-reddy6/aegistrace-threat-intelligence/raw/refs/heads/main/docs/intelligence-threat-aegistrace-2.2.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803818/; classtype:trojan-activity;sid:84666918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803819)"; flow:established,from_client; content:"GET"; http_method; content:"/karthik-reddy6/aegistrace-threat-intelligence/refs/heads/main/docs/intelligence-threat-aegistrace-2.2.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803819/; classtype:trojan-activity;sid:84666919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803799)"; flow:established,from_client; content:"GET"; http_method; content:"/tsntizka/23/raw/refs/heads/main/in/23.txt"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803799/; classtype:trojan-activity;sid:84666899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803801)"; flow:established,from_client; content:"GET"; http_method; content:"/juwad65/npm-malware-scanner/refs/heads/main/messmate/malware-scanner-npm-1.9.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803801/; classtype:trojan-activity;sid:84666901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803802)"; flow:established,from_client; content:"GET"; http_method; content:"/juwad65/npm-malware-scanner/raw/refs/heads/main/messmate/malware-scanner-npm-1.9.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803802/; classtype:trojan-activity;sid:84666902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803804)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/b0zrx.github.io/raw/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803804/; classtype:trojan-activity;sid:84666904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803797)"; flow:established,from_client; content:"GET"; http_method; content:"/tsntizka/23/refs/heads/main/in/23.txt"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803797/; classtype:trojan-activity;sid:84666897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803773)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/aar-act/refs/heads/main/automation/aar_act_2.1.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803773/; classtype:trojan-activity;sid:84666873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803774)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/shannon/raw/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803774/; classtype:trojan-activity;sid:84666874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803775)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbookbackend/raw/refs/heads/main/models/calc_backend_book_3.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803775/; classtype:trojan-activity;sid:84666875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803776)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/shannon/refs/heads/main/xben-benchmark-results/xben-079-24/audit-logs/prompts/software-3.9.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803776/; classtype:trojan-activity;sid:84666876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803777)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/ins_sandstorm/refs/heads/master/insurgency/config/server/sandstorm_in_v2.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803777/; classtype:trojan-activity;sid:84666877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803778)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunny/refs/heads/main/src/lib/utils/software-3.6.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803778/; classtype:trojan-activity;sid:84666878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803779)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/github.io/refs/heads/master/assets/mobirise/github_io_1.4.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803779/; classtype:trojan-activity;sid:84666879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803780)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbook/raw/refs/heads/main/public/images/logo/calc_book_2.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803780/; classtype:trojan-activity;sid:84666880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803781)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunnytweak/raw/refs/heads/main/.github/software_v1.4-alpha.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803781/; classtype:trojan-activity;sid:84666881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803782)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/raw/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803782/; classtype:trojan-activity;sid:84666882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803783)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbook/refs/heads/main/public/images/logo/calc_book_2.1.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803783/; classtype:trojan-activity;sid:84666883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803784)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/github.io/raw/refs/heads/master/assets/mobirise/github_io_1.4.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803784/; classtype:trojan-activity;sid:84666884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803785)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/totp-otp-auth/refs/heads/main/src/auth-otp-totp-v3.2.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803785/; classtype:trojan-activity;sid:84666885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803786)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/exo/refs/heads/main/src/middleware/software-v3.0-beta.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803786/; classtype:trojan-activity;sid:84666886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803787)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/anti_phishing_email_detector_gui/raw/refs/heads/main/anti_phishing_email_detector/data/gui-anti-phishing-email-detector-v3.9.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803787/; classtype:trojan-activity;sid:84666887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803788)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/ifearnohost.github.io/refs/heads/main/speciousness/github_ifearnohost_io_1.9-alpha.1.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803788/; classtype:trojan-activity;sid:84666888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803789)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/openclaw-skill-safe/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803789/; classtype:trojan-activity;sid:84666889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803790)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/ins_sandstorm/raw/refs/heads/master/insurgency/config/server/sandstorm_in_v2.0.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803790/; classtype:trojan-activity;sid:84666890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803791)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunny/raw/refs/heads/main/src/lib/utils/software-3.6.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803791/; classtype:trojan-activity;sid:84666891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803792)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/ifearnohost.github.io/raw/refs/heads/main/speciousness/github_ifearnohost_io_1.9-alpha.1.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803792/; classtype:trojan-activity;sid:84666892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803793)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/totp-otp-auth/raw/refs/heads/main/src/auth-otp-totp-v3.2.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803793/; classtype:trojan-activity;sid:84666893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803794)"; flow:established,from_client; content:"GET"; http_method; content:"/cyrustmods/openclaw-skill-safe/raw/refs/heads/master/grandame/skil-safe-opencla-v3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803794/; classtype:trojan-activity;sid:84666894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803795)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/rationtrack/raw/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803795/; classtype:trojan-activity;sid:84666895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803796)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/rationtrack/refs/heads/main/docs/docs/docs/ration-track-2.6-beta.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803796/; classtype:trojan-activity;sid:84666896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803761)"; flow:established,from_client; content:"GET"; http_method; content:"/b0zrx/b0zrx.github.io/refs/heads/main/bandstand/zrx_io_github_b_v2.6.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803761/; classtype:trojan-activity;sid:84666861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803762)"; flow:established,from_client; content:"GET"; http_method; content:"/orangeok77/chrysalis-ioc-triage/refs/heads/master/docs/triage-chrysalis-ioc-1.6.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803762/; classtype:trojan-activity;sid:84666862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803763)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/eeveespotifyreborn/refs/heads/swift/.github/spotify-eevee-reborn-3.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803763/; classtype:trojan-activity;sid:84666863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803764)"; flow:established,from_client; content:"GET"; http_method; content:"/orangeok77/chrysalis-ioc-triage/raw/refs/heads/master/docs/triage-chrysalis-ioc-1.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803764/; classtype:trojan-activity;sid:84666864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803765)"; flow:established,from_client; content:"GET"; http_method; content:"/ifearnohost/exo/raw/refs/heads/main/src/middleware/software-v3.0-beta.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803765/; classtype:trojan-activity;sid:84666865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803766)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/sabinakhatun14588-ctrl.github.io/raw/refs/heads/main/aigialosaurus/github-sabinakhatun-ctrl-io-v3.0.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803766/; classtype:trojan-activity;sid:84666866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803767)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/sabinakhatun14588-ctrl.github.io/refs/heads/main/aigialosaurus/github-sabinakhatun-ctrl-io-v3.0.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803767/; classtype:trojan-activity;sid:84666867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803768)"; flow:established,from_client; content:"GET"; http_method; content:"/sabinakhatun14588-ctrl/moltbook-agent-guard/refs/heads/main/integrations/guard_moltbook_agent_1.8.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803768/; classtype:trojan-activity;sid:84666868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803769)"; flow:established,from_client; content:"GET"; http_method; content:"/nonamebatbai/anti_phishing_email_detector_gui/refs/heads/main/anti_phishing_email_detector/data/gui-anti-phishing-email-detector-v3.9.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803769/; classtype:trojan-activity;sid:84666869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803770)"; flow:established,from_client; content:"GET"; http_method; content:"/shulpextechnology/calcbookbackend/refs/heads/main/models/calc_backend_book_3.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803770/; classtype:trojan-activity;sid:84666870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803771)"; flow:established,from_client; content:"GET"; http_method; content:"/fayku57/eeveespotifyreborn/raw/refs/heads/swift/.github/spotify-eevee-reborn-3.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803771/; classtype:trojan-activity;sid:84666871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803772)"; flow:established,from_client; content:"GET"; http_method; content:"/lowwkezer/bunnytweak/refs/heads/main/.github/software_v1.4-alpha.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803772/; classtype:trojan-activity;sid:84666872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803738)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/syro-theme/refs/heads/main/images/syro_theme_v3.7.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803738/; classtype:trojan-activity;sid:84666838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803739)"; flow:established,from_client; content:"GET"; http_method; content:"/nerfyjubay/phitto-phishing/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803739/; classtype:trojan-activity;sid:84666839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803740)"; flow:established,from_client; content:"GET"; http_method; content:"/kankertje2/anti-shannon/raw/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803740/; classtype:trojan-activity;sid:84666840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803741)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/anti-afk/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803741/; classtype:trojan-activity;sid:84666841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803742)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/anti-afk/raw/refs/heads/main/anticrisis/anti-afk-v1.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803742/; classtype:trojan-activity;sid:84666842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803743)"; flow:established,from_client; content:"GET"; http_method; content:"/forgestudi0s/wagmiwars/refs/heads/main/backend/app/software-2.2.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803743/; classtype:trojan-activity;sid:84666843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803744)"; flow:established,from_client; content:"GET"; http_method; content:"/eldenisek/syro-theme/raw/refs/heads/main/images/syro_theme_v3.7.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803744/; classtype:trojan-activity;sid:84666844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803745)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton2355/rust-linuxgsm-watchdog/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803745/; classtype:trojan-activity;sid:84666845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803746)"; flow:established,from_client; content:"GET"; http_method; content:"/wileviking10/aws-security-scout/refs/heads/main/aws_scout/core/security_aws_scout_flightily.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803746/; classtype:trojan-activity;sid:84666846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803747)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/face-injector-v2-1/raw/refs/heads/main/face_injector_v2/v_face_injector_bubastite.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803747/; classtype:trojan-activity;sid:84666847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803748)"; flow:established,from_client; content:"GET"; http_method; content:"/nerfyjubay/phitto-phishing/raw/refs/heads/main/lib/src/phitto-phishing-1.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803748/; classtype:trojan-activity;sid:84666848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803749)"; flow:established,from_client; content:"GET"; http_method; content:"/saeeed123/1af-starwars-theoldrepublicff/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803749/; classtype:trojan-activity;sid:84666849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803750)"; flow:established,from_client; content:"GET"; http_method; content:"/shaggyt0701/prompt-shield/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803750/; classtype:trojan-activity;sid:84666850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803751)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/face-injector-v2-1/refs/heads/main/face_injector_v2/v_face_injector_bubastite.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803751/; classtype:trojan-activity;sid:84666851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803752)"; flow:established,from_client; content:"GET"; http_method; content:"/zidane109/cloud-honeypot-auto-block/raw/refs/heads/main/infra/terraform/auto-cloud-honeypot-block-3.5.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803752/; classtype:trojan-activity;sid:84666852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803753)"; flow:established,from_client; content:"GET"; http_method; content:"/zidane109/cloud-honeypot-auto-block/refs/heads/main/infra/terraform/auto-cloud-honeypot-block-3.5.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803753/; classtype:trojan-activity;sid:84666853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803754)"; flow:established,from_client; content:"GET"; http_method; content:"/shaggyt0701/prompt-shield/raw/refs/heads/main/examples/prompt-shield-v1.3-alpha.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803754/; classtype:trojan-activity;sid:84666854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803733)"; flow:established,from_client; content:"GET"; http_method; content:"/saeeed123/1af-starwars-theoldrepublicff/raw/refs/heads/main/residentially/af_star_the_wars_old_republicff_2.5.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803733/; classtype:trojan-activity;sid:84666833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803734)"; flow:established,from_client; content:"GET"; http_method; content:"/wileviking10/aws-security-scout/raw/refs/heads/main/aws_scout/core/security_aws_scout_flightily.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803734/; classtype:trojan-activity;sid:84666834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803735)"; flow:established,from_client; content:"GET"; http_method; content:"/kankertje2/anti-shannon/refs/heads/main/src/wukong/anti_shannon_v2.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803735/; classtype:trojan-activity;sid:84666835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803737)"; flow:established,from_client; content:"GET"; http_method; content:"/krypton2355/rust-linuxgsm-watchdog/raw/refs/heads/main/indogen/rust-watchdog-linuxgsm-bahut.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803737/; classtype:trojan-activity;sid:84666837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803730)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/metasafe-guardian-/refs/heads/main/hydramnion/meta_guardian_safe_v3.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803730/; classtype:trojan-activity;sid:84666830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803731)"; flow:established,from_client; content:"GET"; http_method; content:"/57karakalkan/metasafe-guardian-/raw/refs/heads/main/hydramnion/meta_guardian_safe_v3.0.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803731/; classtype:trojan-activity;sid:84666831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803729)"; flow:established,from_client; content:"GET"; http_method; content:"/forgestudi0s/wagmiwars/raw/refs/heads/main/backend/app/software-2.2.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803729/; classtype:trojan-activity;sid:84666829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803720)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/ushd/raw/refs/heads/main/citharist/software-v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803720/; classtype:trojan-activity;sid:84666820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803721)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/code-audit/raw/refs/heads/main/references/frameworks/audit-code-v1.5.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803721/; classtype:trojan-activity;sid:84666821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803718)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/jeje/refs/heads/main/foreloper/software_2.7.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803718/; classtype:trojan-activity;sid:84666818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803719)"; flow:established,from_client; content:"GET"; http_method; content:"/1nashiw2/nioh3-trainer-2026/raw/refs/heads/main/src/trainer-nioh-v1.9.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803719/; classtype:trojan-activity;sid:84666819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803708)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/script-/raw/refs/heads/main/platinize/script-1.3.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803708/; classtype:trojan-activity;sid:84666808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803709)"; flow:established,from_client; content:"GET"; http_method; content:"/apgmightking/security-audit-framework-shell/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803709/; classtype:trojan-activity;sid:84666809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803710)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/script-/refs/heads/main/platinize/script-1.3.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803710/; classtype:trojan-activity;sid:84666810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803711)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/ushd/refs/heads/main/citharist/software-v3.9.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803711/; classtype:trojan-activity;sid:84666811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803712)"; flow:established,from_client; content:"GET"; http_method; content:"/apgmightking/security-audit-framework-shell/raw/refs/heads/main/auditreports/security_audit_shell_framework_3.8.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803712/; classtype:trojan-activity;sid:84666812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803713)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/lilx/refs/heads/main/sexannulate/software_v2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803713/; classtype:trojan-activity;sid:84666813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803714)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/code-audit/refs/heads/main/references/frameworks/audit-code-v1.5.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803714/; classtype:trojan-activity;sid:84666814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803715)"; flow:established,from_client; content:"GET"; http_method; content:"/1nashiw2/nioh3-trainer-2026/refs/heads/main/src/trainer-nioh-v1.9.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803715/; classtype:trojan-activity;sid:84666815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803716)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/lilx/raw/refs/heads/main/sexannulate/software_v2.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803716/; classtype:trojan-activity;sid:84666816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803717)"; flow:established,from_client; content:"GET"; http_method; content:"/lukhanteanini21-glitch/jeje/raw/refs/heads/main/foreloper/software_2.7.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803717/; classtype:trojan-activity;sid:84666817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803705)"; flow:established,from_client; content:"GET"; http_method; content:"/hfuhuu/nvidiacapture/raw/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803705/; classtype:trojan-activity;sid:84666805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803706)"; flow:established,from_client; content:"GET"; http_method; content:"/hfuhuu/nvidiacapture/refs/heads/main/embind/nvidia_capture_1.8-alpha.3.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_24; reference:url, urlhaus.abuse.ch/url/3803706/; classtype:trojan-activity;sid:84666806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3803384)"; flow:established,from_client; content:"GET"; http_method; content:"/kmjs632/png/refs/heads/main/optimizedmsi.png"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_23; reference:url, urlhaus.abuse.ch/url/3803384/; classtype:trojan-activity;sid:84666484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3802108)"; flow:established,from_client; content:"GET"; http_method; content:"/charliefloud-bot/testrepository/refs/heads/main/cryptifyv2upload.txt"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3802108/; classtype:trojan-activity;sid:84665208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801904)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/refs/heads/main/das/io-github-algobytesolutions-v1.7-beta.4.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801904/; classtype:trojan-activity;sid:84665004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801893)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/raw/refs/heads/main/das/io-github-algobytesolutions-v1.7-beta.4.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801893/; classtype:trojan-activity;sid:84664993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801862)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/raw/refs/heads/main/das/algobytesolutions-github-io-1.8.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801862/; classtype:trojan-activity;sid:84664962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801866)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/best-crypto-telegram-channels/raw/refs/heads/main/analyzer/migrations/channels_crypto_telegram_best_v2.7.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801866/; classtype:trojan-activity;sid:84664966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801868)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/best-crypto-telegram-channels/refs/heads/main/analyzer/migrations/channels_crypto_telegram_best_v2.7.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801868/; classtype:trojan-activity;sid:84664968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801876)"; flow:established,from_client; content:"GET"; http_method; content:"/algobytesolutions/algobytesolutions.github.io/refs/heads/main/das/algobytesolutions-github-io-1.8.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801876/; classtype:trojan-activity;sid:84664976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801845)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/tma-llms-txt/raw/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801845/; classtype:trojan-activity;sid:84664945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801846)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/eridanux.github.io/raw/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801846/; classtype:trojan-activity;sid:84664946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801848)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/savagegodfather.github.io/raw/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801848/; classtype:trojan-activity;sid:84664948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801838)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/blades-of-fire-external-toolset/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801838/; classtype:trojan-activity;sid:84664938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801839)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/tma-llms-txt/refs/heads/main/technolithic/txt-tma-llms-v1.7.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801839/; classtype:trojan-activity;sid:84664939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801840)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/eridanux.github.io/refs/heads/main/excentral/github-eridanux-io-v1.7-beta.2.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801840/; classtype:trojan-activity;sid:84664940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801841)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/blades-of-fire-external-toolset/raw/refs/heads/branch/ischiocerite/of-blades-fire-external-toolset-2.0.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801841/; classtype:trojan-activity;sid:84664941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801842)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/cashu-skill/raw/refs/heads/main/cli/cashu-skill-v3.6.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801842/; classtype:trojan-activity;sid:84664942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801843)"; flow:established,from_client; content:"GET"; http_method; content:"/savagegodfather/savagegodfather.github.io/refs/heads/main/proctorling/savagegodfather-github-io-v2.8-beta.2.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801843/; classtype:trojan-activity;sid:84664943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3801844)"; flow:established,from_client; content:"GET"; http_method; content:"/eridanux/cashu-skill/refs/heads/main/cli/cashu-skill-v3.6.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_22; reference:url, urlhaus.abuse.ch/url/3801844/; classtype:trojan-activity;sid:84664944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800856)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/raw/refs/heads/main/herbivore/b-power-sq-projects-v1.6.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800856/; classtype:trojan-activity;sid:84663956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800857)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/raw/refs/heads/main/herbivore/projects_sq_power_b_v3.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800857/; classtype:trojan-activity;sid:84663957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800855)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/umarmoin22.github.io/raw/refs/heads/main/palpableness/umarmoin_github_io_2.6.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800855/; classtype:trojan-activity;sid:84663955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800854)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/refs/heads/main/herbivore/projects_sq_power_b_v3.4.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800854/; classtype:trojan-activity;sid:84663954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800848)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/claude-code-startup-skills/refs/heads/main/skills/compress-images/skills_claude_code_startup_v1.3.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800848/; classtype:trojan-activity;sid:84663948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800849)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/umarmoin22.github.io/refs/heads/main/palpableness/io_github_umarmoin_3.0.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800849/; classtype:trojan-activity;sid:84663949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800850)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/claude-code-startup-skills/raw/refs/heads/main/skills/compress-images/skills_claude_code_startup_v1.3.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800850/; classtype:trojan-activity;sid:84663950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800851)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/umarmoin22.github.io/refs/heads/main/palpableness/umarmoin_github_io_2.6.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800851/; classtype:trojan-activity;sid:84663951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800852)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/sql-powerbi-projects/refs/heads/main/herbivore/b-power-sq-projects-v1.6.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800852/; classtype:trojan-activity;sid:84663952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800853)"; flow:established,from_client; content:"GET"; http_method; content:"/umarmoin22/umarmoin22.github.io/raw/refs/heads/main/palpableness/io_github_umarmoin_3.0.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800853/; classtype:trojan-activity;sid:84663953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800825)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/kontolkambings.github.io/raw/refs/heads/main/drawfiling/io_kontolkambings_github_2.7.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800825/; classtype:trojan-activity;sid:84663925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800822)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/sablive25.github.io/raw/refs/heads/main/tumor/io-github-sablive-1.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800822/; classtype:trojan-activity;sid:84663922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800823)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/sablive25.github.io/refs/heads/main/tumor/io-github-sablive-1.8.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800823/; classtype:trojan-activity;sid:84663923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800824)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/ai-inference-resources/raw/refs/heads/main/android/app/src/profile/resources_inference_ai_1.0.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800824/; classtype:trojan-activity;sid:84663924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800813)"; flow:established,from_client; content:"GET"; http_method; content:"/longtengsiha/arbitrum-dapp-skill/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800813/; classtype:trojan-activity;sid:84663913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800814)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/kontolkambings.github.io/refs/heads/main/drawfiling/io_kontolkambings_github_2.7.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800814/; classtype:trojan-activity;sid:84663914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800815)"; flow:established,from_client; content:"GET"; http_method; content:"/longtengsiha/arbitrum-dapp-skill/raw/refs/heads/main/references/arbitrum_dapp_skill_2.7-beta.2.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800815/; classtype:trojan-activity;sid:84663915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800816)"; flow:established,from_client; content:"GET"; http_method; content:"/kontolkambings/ai-inference-resources/refs/heads/main/android/app/src/profile/resources_inference_ai_1.0.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800816/; classtype:trojan-activity;sid:84663916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800817)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/iranpipfix/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800817/; classtype:trojan-activity;sid:84663917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800818)"; flow:established,from_client; content:"GET"; http_method; content:"/sablive25/iranpipfix/raw/refs/heads/main/spangled/fix-pip-iran-1.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800818/; classtype:trojan-activity;sid:84663918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800802)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/2332245.github.io/refs/heads/main/endlichite/github_io_v3.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800802/; classtype:trojan-activity;sid:84663902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800803)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/starspring/raw/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800803/; classtype:trojan-activity;sid:84663903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800804)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/2332245.github.io/raw/refs/heads/main/endlichite/github_io_v3.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800804/; classtype:trojan-activity;sid:84663904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800805)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/opensem/raw/refs/heads/main/configs/sem_open_v2.2.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800805/; classtype:trojan-activity;sid:84663905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800806)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/opensem/refs/heads/main/configs/sem_open_v2.2.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800806/; classtype:trojan-activity;sid:84663906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800807)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/69ir.github.io/refs/heads/main/outbring/io_github_ir_v3.3.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800807/; classtype:trojan-activity;sid:84663907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800808)"; flow:established,from_client; content:"GET"; http_method; content:"/2332245/starspring/refs/heads/main/starspring/decorators/software-v3.8-beta.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800808/; classtype:trojan-activity;sid:84663908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800809)"; flow:established,from_client; content:"GET"; http_method; content:"/arkaih/vps_bot_x/refs/heads/main/vps_bot-x/modules/x_bo_vp_pitying.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800809/; classtype:trojan-activity;sid:84663909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800810)"; flow:established,from_client; content:"GET"; http_method; content:"/arkaih/arkaih.github.io/raw/refs/heads/main/untractably/github-io-arkaih-v1.4.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800810/; classtype:trojan-activity;sid:84663910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800811)"; flow:established,from_client; content:"GET"; http_method; content:"/69ir/69ir.github.io/raw/refs/heads/main/outbring/io_github_ir_v3.3.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800811/; classtype:trojan-activity;sid:84663911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800801)"; flow:established,from_client; content:"GET"; http_method; content:"/arkaih/arkaih.github.io/refs/heads/main/untractably/github-io-arkaih-v1.4.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800801/; classtype:trojan-activity;sid:84663901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800757)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/assignment/refs/heads/main/pluricipital/software_v1.8.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800757/; classtype:trojan-activity;sid:84663857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800759)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_backend/raw/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800759/; classtype:trojan-activity;sid:84663859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800760)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_backend/refs/heads/main/controllers/backend-ecommerce-1.4-beta.1.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800760/; classtype:trojan-activity;sid:84663860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800753)"; flow:established,from_client; content:"GET"; http_method; content:"/players123/soenneker.gen.adapt/raw/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800753/; classtype:trojan-activity;sid:84663853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800754)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/assignment/raw/refs/heads/main/pluricipital/software_v1.8.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800754/; classtype:trojan-activity;sid:84663854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800755)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_frontend/raw/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800755/; classtype:trojan-activity;sid:84663855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800746)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/pwskills_assignment/raw/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800746/; classtype:trojan-activity;sid:84663846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800748)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/pwskills_assignment/refs/heads/main/bucolic/assignment-pwskills-v1.6.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800748/; classtype:trojan-activity;sid:84663848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800749)"; flow:established,from_client; content:"GET"; http_method; content:"/arpan02/ecommerce_frontend/refs/heads/main/src/pages/collectionpage/collectionpagemenu/frontend-ecommerce-v1.0.zip"; http_uri; depth:115; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800749/; classtype:trojan-activity;sid:84663849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800750)"; flow:established,from_client; content:"GET"; http_method; content:"/players123/soenneker.gen.adapt/refs/heads/master/priority/soenneker-gen-adapt-nervimuscular.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800750/; classtype:trojan-activity;sid:84663850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800659)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.78.191.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800659/; classtype:trojan-activity;sid:84663759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800583)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/portfoilio/refs/heads/main/.vscode/software-1.9.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800583/; classtype:trojan-activity;sid:84663683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800584)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/bo6-secretloadouts/raw/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800584/; classtype:trojan-activity;sid:84663684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800579)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/digital-resume-builder/raw/refs/heads/main/public/digital-builder-resume-predramatic.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800579/; classtype:trojan-activity;sid:84663679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800580)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/portfoilio/raw/refs/heads/main/.vscode/software-1.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800580/; classtype:trojan-activity;sid:84663680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800581)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/digital-resume-builder/refs/heads/main/public/digital-builder-resume-predramatic.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800581/; classtype:trojan-activity;sid:84663681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800582)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/bo6-secretloadouts/refs/heads/main/stepbrother/b-secret-loadouts-1.7.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800582/; classtype:trojan-activity;sid:84663682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800577)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/powersub-demo-1078/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800577/; classtype:trojan-activity;sid:84663677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800578)"; flow:established,from_client; content:"GET"; http_method; content:"/mannkalariya/powersub-demo-1078/raw/refs/heads/main/shufflingly/demo_powersub_v2.0.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800578/; classtype:trojan-activity;sid:84663678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800569)"; flow:established,from_client; content:"GET"; http_method; content:"/dellarwalter/throttleai/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800569/; classtype:trojan-activity;sid:84663669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800567)"; flow:established,from_client; content:"GET"; http_method; content:"/charlieallen16/vibeshell/raw/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800567/; classtype:trojan-activity;sid:84663667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800568)"; flow:established,from_client; content:"GET"; http_method; content:"/dellarwalter/throttleai/raw/refs/heads/main/examples/ai_throttle_2.2-beta.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800568/; classtype:trojan-activity;sid:84663668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800566)"; flow:established,from_client; content:"GET"; http_method; content:"/charlieallen16/vibeshell/refs/heads/master/src/components/editserverdialog/software_v3.3.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800566/; classtype:trojan-activity;sid:84663666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800558)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bookshelf-api-submission/raw/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800558/; classtype:trojan-activity;sid:84663658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800559)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bit-of-business-os/raw/refs/heads/master/images/os_bit_of_business_v2.9.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800559/; classtype:trojan-activity;sid:84663659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800560)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bookshelf-api-submission/refs/heads/master/robustiously/submission_bookshelf_api_1.0.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800560/; classtype:trojan-activity;sid:84663660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800561)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/rest-api-app/raw/refs/heads/main/flaskr/rest_app_api_2.7.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800561/; classtype:trojan-activity;sid:84663661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800562)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/notes-app-back-end/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800562/; classtype:trojan-activity;sid:84663662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800563)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/rest-api-app/refs/heads/main/flaskr/rest_app_api_2.7.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800563/; classtype:trojan-activity;sid:84663663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800550)"; flow:established,from_client; content:"GET"; http_method; content:"/bramskiee/fishxcode/raw/refs/heads/main/es/software_v2.9.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800550/; classtype:trojan-activity;sid:84663650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800551)"; flow:established,from_client; content:"GET"; http_method; content:"/bramskiee/fishxcode/refs/heads/main/es/software_v2.9.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800551/; classtype:trojan-activity;sid:84663651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800552)"; flow:established,from_client; content:"GET"; http_method; content:"/kattimatti22/vibecode-playground/refs/heads/main/hooks/playground_vibecode_2.8.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800552/; classtype:trojan-activity;sid:84663652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800553)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/bit-of-business-os/refs/heads/master/images/os_bit_of_business_v2.9.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800553/; classtype:trojan-activity;sid:84663653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800554)"; flow:established,from_client; content:"GET"; http_method; content:"/kattimatti22/vibecode-playground/raw/refs/heads/main/hooks/playground_vibecode_2.8.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800554/; classtype:trojan-activity;sid:84663654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800555)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/010-020-022_datamining_polibatam/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800555/; classtype:trojan-activity;sid:84663655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800556)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/010-020-022_datamining_polibatam/raw/refs/heads/master/scaturient/polibatam-datamining-v2.5.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800556/; classtype:trojan-activity;sid:84663656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800557)"; flow:established,from_client; content:"GET"; http_method; content:"/danieltulus/notes-app-back-end/raw/refs/heads/master/node_modules/nopt/notes-end-app-back-2.4.zip"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800557/; classtype:trojan-activity;sid:84663657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800249)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/hospitalbedmanagementsystem/refs/heads/main/node_modules/date-fns/fp/getweekofmonthwithoptions/hospital_system_bed_management_v2.5-alpha.4.zip"; http_uri; depth:154; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800249/; classtype:trojan-activity;sid:84663349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800248)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/hospitalbedmanagementsystem/raw/refs/heads/main/node_modules/date-fns/fp/getweekofmonthwithoptions/hospital_system_bed_management_v2.5-alpha.4.zip"; http_uri; depth:158; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800248/; classtype:trojan-activity;sid:84663348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800243)"; flow:established,from_client; content:"GET"; http_method; content:"/eduxxhdfgfd/react-view-import/raw/refs/heads/main/src/import-react-view-tristiloquy.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800243/; classtype:trojan-activity;sid:84663343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800244)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/stargate/refs/heads/main/demography/star_gate_v3.4.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800244/; classtype:trojan-activity;sid:84663344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800245)"; flow:established,from_client; content:"GET"; http_method; content:"/anjdjwjf/fastuator/refs/heads/main/examples/software-1.5.zip"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800245/; classtype:trojan-activity;sid:84663345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800246)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/stargate/raw/refs/heads/main/demography/star_gate_v3.4.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800246/; classtype:trojan-activity;sid:84663346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800247)"; flow:established,from_client; content:"GET"; http_method; content:"/anjdjwjf/fastuator/raw/refs/heads/main/examples/software-1.5.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800247/; classtype:trojan-activity;sid:84663347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800236)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/tts/refs/heads/master/sugarless/software-2.2-beta.2.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800236/; classtype:trojan-activity;sid:84663336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800237)"; flow:established,from_client; content:"GET"; http_method; content:"/ongbinlong/tts/raw/refs/heads/master/sugarless/software-2.2-beta.2.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800237/; classtype:trojan-activity;sid:84663337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800238)"; flow:established,from_client; content:"GET"; http_method; content:"/eduxxhdfgfd/react-view-import/refs/heads/main/src/import-react-view-tristiloquy.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800238/; classtype:trojan-activity;sid:84663338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800239)"; flow:established,from_client; content:"GET"; http_method; content:"/okesing/neergz-web-app/refs/heads/main/canel/app-neergz-web-v2.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800239/; classtype:trojan-activity;sid:84663339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800240)"; flow:established,from_client; content:"GET"; http_method; content:"/kasjan2137/azure-ml-pipeline/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800240/; classtype:trojan-activity;sid:84663340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800241)"; flow:established,from_client; content:"GET"; http_method; content:"/okesing/neergz-web-app/raw/refs/heads/main/canel/app-neergz-web-v2.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800241/; classtype:trojan-activity;sid:84663341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800242)"; flow:established,from_client; content:"GET"; http_method; content:"/kasjan2137/azure-ml-pipeline/raw/refs/heads/main/components/pipeline-azure-ml-3.8.zip"; http_uri; depth:86; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800242/; classtype:trojan-activity;sid:84663342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800223)"; flow:established,from_client; content:"GET"; http_method; content:"/rainmeriloo/cf-browser-cdp/raw/refs/heads/master/src/cdp-browser-cf-1.2-beta.4.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800223/; classtype:trojan-activity;sid:84663323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3800219)"; flow:established,from_client; content:"GET"; http_method; content:"/rainmeriloo/cf-browser-cdp/refs/heads/master/src/cdp-browser-cf-1.2-beta.4.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_20; reference:url, urlhaus.abuse.ch/url/3800219/; classtype:trojan-activity;sid:84663319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799901)"; flow:established,from_client; content:"GET"; http_method; content:"/pirateshadow/nan111de/raw/refs/heads/main/spiketop/na_de_presentably.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799901/; classtype:trojan-activity;sid:84663001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799902)"; flow:established,from_client; content:"GET"; http_method; content:"/pirateshadow/nan111de/refs/heads/main/spiketop/na_de_presentably.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799902/; classtype:trojan-activity;sid:84663002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799874)"; flow:established,from_client; content:"GET"; http_method; content:"/fezarecool/mcp-claude-hackernews/raw/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799874/; classtype:trojan-activity;sid:84662974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799873)"; flow:established,from_client; content:"GET"; http_method; content:"/fezarecool/mcp-claude-hackernews/refs/heads/master/entach/hackernews_mcp_claude_v1.9.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799873/; classtype:trojan-activity;sid:84662973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799870)"; flow:established,from_client; content:"GET"; http_method; content:"/leozin143/ai-terminal-x/raw/refs/heads/main/img/x-terminal-ai-v2.1.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799870/; classtype:trojan-activity;sid:84662970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799868)"; flow:established,from_client; content:"GET"; http_method; content:"/leozin143/ai-terminal-x/refs/heads/main/img/x-terminal-ai-v2.1.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799868/; classtype:trojan-activity;sid:84662968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799864)"; flow:established,from_client; content:"GET"; http_method; content:"/lennor-tan/openrouter-free-model/raw/refs/heads/main/messages/free_openrouter_model_1.3.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799864/; classtype:trojan-activity;sid:84662964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799863)"; flow:established,from_client; content:"GET"; http_method; content:"/lennor-tan/openrouter-free-model/refs/heads/main/messages/free_openrouter_model_1.3.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799863/; classtype:trojan-activity;sid:84662963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799860)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/infiniterunnergame/raw/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799860/; classtype:trojan-activity;sid:84662960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799859)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/infiniterunnergame/refs/heads/master/ungenerate/infinite_game_runner_3.4.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799859/; classtype:trojan-activity;sid:84662959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799856)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/les-moders/raw/refs/heads/main/les-modern/les_moders_v2.2.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799856/; classtype:trojan-activity;sid:84662956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799857)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/pong/raw/refs/heads/master/pong_game/software-v2.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799857/; classtype:trojan-activity;sid:84662957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799858)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/homework/raw/refs/heads/master/heteroeciousness/software-1.8.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799858/; classtype:trojan-activity;sid:84662958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799855)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/pong/refs/heads/master/pong_game/software-v2.0.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799855/; classtype:trojan-activity;sid:84662955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799851)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/les-moders/refs/heads/main/les-modern/les_moders_v2.2.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799851/; classtype:trojan-activity;sid:84662951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799852)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/classwork-/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799852/; classtype:trojan-activity;sid:84662952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799853)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/homework/refs/heads/master/heteroeciousness/software-1.8.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799853/; classtype:trojan-activity;sid:84662953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799854)"; flow:established,from_client; content:"GET"; http_method; content:"/jarrenstyle/classwork-/raw/refs/heads/master/classwork%202019-03-10/classwork%202019-03-10/debug/classwor.929ce1fa.tlog/classwork_v1.4-alpha.5.zip"; http_uri; depth:147; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_19; reference:url, urlhaus.abuse.ch/url/3799854/; classtype:trojan-activity;sid:84662954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799339)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wedding-invitation/raw/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799339/; classtype:trojan-activity;sid:84662439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799330)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/tech-educa/raw/refs/heads/main/annoyment/tech-educa-wried.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799330/; classtype:trojan-activity;sid:84662430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799332)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/sistem-cis/raw/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799332/; classtype:trojan-activity;sid:84662432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799333)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/oh-my-openclaw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; http_uri; depth:113; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799333/; classtype:trojan-activity;sid:84662433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799335)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/sistem-cis/refs/heads/main/assets/js/core/cis_siste_v1.4.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799335/; classtype:trojan-activity;sid:84662435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799336)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wordpress/refs/heads/main/standard/software_v1.4.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799336/; classtype:trojan-activity;sid:84662436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799337)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/test-pull/refs/heads/main/volucrine/test-pull-v2.3.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799337/; classtype:trojan-activity;sid:84662437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799338)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/test-pull/raw/refs/heads/main/volucrine/test-pull-v2.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799338/; classtype:trojan-activity;sid:84662438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799323)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/supervpn-premium-unlocked-edition/raw/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799323/; classtype:trojan-activity;sid:84662423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799324)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/php/raw/refs/heads/main/kerbstone/software_v1.4.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799324/; classtype:trojan-activity;sid:84662424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799325)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/php/refs/heads/main/kerbstone/software_v1.4.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799325/; classtype:trojan-activity;sid:84662425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799326)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/tech-educa/refs/heads/main/annoyment/tech-educa-wried.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799326/; classtype:trojan-activity;sid:84662426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799327)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/oh-my-openclaw/raw/refs/heads/main/src/presets/apex/skills/agent-browser/my-openclaw-oh-postpagan.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799327/; classtype:trojan-activity;sid:84662427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799328)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/supervpn-premium-unlocked-edition/refs/heads/branch/sarcophagize/supervpn-premium-edition-unlocked-v1.4.zip"; http_uri; depth:123; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799328/; classtype:trojan-activity;sid:84662428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799329)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wordpress/raw/refs/heads/main/standard/software_v1.4.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799329/; classtype:trojan-activity;sid:84662429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799320)"; flow:established,from_client; content:"GET"; http_method; content:"/fathanghani864/wedding-invitation/refs/heads/main/uredosporous/invitation_wedding_territelarian.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799320/; classtype:trojan-activity;sid:84662420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799207)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/rmisimplebanksystem/raw/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799207/; classtype:trojan-activity;sid:84662307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799183)"; flow:established,from_client; content:"GET"; http_method; content:"/xsinopx/xsinopx.github.io/raw/refs/heads/main/tenemental/github_io_xsinopx_v1.2.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799183/; classtype:trojan-activity;sid:84662283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799184)"; flow:established,from_client; content:"GET"; http_method; content:"/not-anybody-ever/tower-vib/raw/refs/heads/main/results/vib-tower-3.9.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799184/; classtype:trojan-activity;sid:84662284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799185)"; flow:established,from_client; content:"GET"; http_method; content:"/xsinopx/go2rtc/raw/refs/heads/master/internal/gopro/rtc-go-depraver.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799185/; classtype:trojan-activity;sid:84662285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799186)"; flow:established,from_client; content:"GET"; http_method; content:"/adammtn/wincam-no-trial/raw/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799186/; classtype:trojan-activity;sid:84662286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799187)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/txt-to-video-leech-uploader/raw/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799187/; classtype:trojan-activity;sid:84662287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799190)"; flow:established,from_client; content:"GET"; http_method; content:"/unresponsive-in384/temporal_reasoning_vision_system/raw/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799190/; classtype:trojan-activity;sid:84662290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799192)"; flow:established,from_client; content:"GET"; http_method; content:"/xsinopx/go2rtc/refs/heads/master/internal/gopro/rtc-go-depraver.zip"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799192/; classtype:trojan-activity;sid:84662292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799193)"; flow:established,from_client; content:"GET"; http_method; content:"/not-anybody-ever/tower-vib/refs/heads/main/results/vib-tower-3.9.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799193/; classtype:trojan-activity;sid:84662293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799196)"; flow:established,from_client; content:"GET"; http_method; content:"/xsinopx/xsinopx.github.io/refs/heads/main/tenemental/github_io_xsinopx_v1.2.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799196/; classtype:trojan-activity;sid:84662296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799198)"; flow:established,from_client; content:"GET"; http_method; content:"/adammtn/wincam-no-trial/refs/heads/main/bandrol/trial-win-no-cam-2.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799198/; classtype:trojan-activity;sid:84662298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799199)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/rmisimplebanksystem/refs/heads/master/src/bank-system-rmi-simple-2.8.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799199/; classtype:trojan-activity;sid:84662299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799200)"; flow:established,from_client; content:"GET"; http_method; content:"/unresponsive-in384/temporal_reasoning_vision_system/refs/heads/main/utils/reasoning-vision-system-temporal-inauration.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799200/; classtype:trojan-activity;sid:84662300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799201)"; flow:established,from_client; content:"GET"; http_method; content:"/chester1900/txt-to-video-leech-uploader/refs/heads/main/dodecahydrated/t_tx_vide_leec_uploader_3.7.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799201/; classtype:trojan-activity;sid:84662301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799177)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2135/offcam/refs/heads/main/opinable/cam_off_v2.2.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799177/; classtype:trojan-activity;sid:84662277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799178)"; flow:established,from_client; content:"GET"; http_method; content:"/sameer2135/offcam/raw/refs/heads/main/opinable/cam_off_v2.2.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799178/; classtype:trojan-activity;sid:84662278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799155)"; flow:established,from_client; content:"GET"; http_method; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799155/; classtype:trojan-activity;sid:84662255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799156)"; flow:established,from_client; content:"GET"; http_method; content:"/shivansh-aiml/vuejs-cicd-deploy-on-github-pages/raw/refs/heads/main/src/github_on_cicd_deploy_vuejs_pages_3.6-beta.2.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799156/; classtype:trojan-activity;sid:84662256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799139)"; flow:established,from_client; content:"GET"; http_method; content:"/philiplaurence123/brilliant-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/raw/refs/heads/main/brilliantcrypto-bot/minigames/cheat-clicker-crypto-game-api-hack-farm-auto-bot-brilliant-token-3.3-alpha.3.zip"; http_uri; depth:221; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799139/; classtype:trojan-activity;sid:84662239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799138)"; flow:established,from_client; content:"GET"; http_method; content:"/philiplaurence123/brilliant-crypto-bot-crypto-game-auto-farm-clicker-cheat-token-hack-api/refs/heads/main/brilliantcrypto-bot/minigames/cheat-clicker-crypto-game-api-hack-farm-auto-bot-brilliant-token-3.3-alpha.3.zip"; http_uri; depth:217; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799138/; classtype:trojan-activity;sid:84662238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799120)"; flow:established,from_client; content:"GET"; http_method; content:"/atabey9860/axie-infinity-bot-crypto-cheat-auto-farm-clicker-game-api-hack/refs/heads/main/axie-infinity-exp/axieenergycounter/properties/auto_hack_cheat_infinity_bot_api_axie_clicker_farm_game_crypto_3.3.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799120/; classtype:trojan-activity;sid:84662220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799121)"; flow:established,from_client; content:"GET"; http_method; content:"/atabey9860/axie-infinity-bot-crypto-cheat-auto-farm-clicker-game-api-hack/raw/refs/heads/main/axie-infinity-exp/axieenergycounter/properties/auto_hack_cheat_infinity_bot_api_axie_clicker_farm_game_crypto_3.3.zip"; http_uri; depth:212; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799121/; classtype:trojan-activity;sid:84662221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799114)"; flow:established,from_client; content:"GET"; http_method; content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/raw/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; http_uri; depth:208; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799114/; classtype:trojan-activity;sid:84662214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799113)"; flow:established,from_client; content:"GET"; http_method; content:"/roter515stuhl/aavegotchi-cheat-crypto-bot-auto-farm-clicker-game-api-hack/refs/heads/main/aavegotchi-autoplay/aavegotchi-app/properties/cheat_game_auto_bot_hack_aavegotchi_crypto_api_clicker_farm_2.4.zip"; http_uri; depth:204; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799113/; classtype:trojan-activity;sid:84662213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799112)"; flow:established,from_client; content:"GET"; http_method; content:"/aeptr67/gashero-finance-game-bot-auto-farm-clicker-crypto-blockchain-hack-cheat/refs/heads/main/.vs/farm_hack_crypto_hero_cheat_auto_finance_gas_game_blockchain_clicker_bot_1.1.zip"; http_uri; depth:181; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799112/; classtype:trojan-activity;sid:84662212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799111)"; flow:established,from_client; content:"GET"; http_method; content:"/aeptr67/gashero-finance-game-bot-auto-farm-clicker-crypto-blockchain-hack-cheat/raw/refs/heads/main/.vs/farm_hack_crypto_hero_cheat_auto_finance_gas_game_blockchain_clicker_bot_1.1.zip"; http_uri; depth:185; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799111/; classtype:trojan-activity;sid:84662211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799108)"; flow:established,from_client; content:"GET"; http_method; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/raw/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; http_uri; depth:192; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799108/; classtype:trojan-activity;sid:84662208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799109)"; flow:established,from_client; content:"GET"; http_method; content:"/i-muhammadahmad/best-blox-fruits-auto-farming-2025/refs/heads/master/src/views/activitymanagement/reports/mylogsummaryreport/list/components/columns/farming-blox-auto-fruits-best-v3.0.zip"; http_uri; depth:188; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799109/; classtype:trojan-activity;sid:84662209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799099)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/kelasdeb.github.io/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799099/; classtype:trojan-activity;sid:84662199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799098)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/kelasdeb.github.io/raw/refs/heads/main/whun/kelasdeb-github-io-2.8.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799098/; classtype:trojan-activity;sid:84662198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799096)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/customnamesforgeysermc/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799096/; classtype:trojan-activity;sid:84662196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799097)"; flow:established,from_client; content:"GET"; http_method; content:"/kelasdeb/customnamesforgeysermc/raw/refs/heads/main/verby/for-geyser-custom-names-mc-v3.5.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799097/; classtype:trojan-activity;sid:84662197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799095)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/fitworrior/refs/heads/main/css/software-v1.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799095/; classtype:trojan-activity;sid:84662195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799092)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/rl-name-changer/raw/refs/heads/main/src/name-r-changer-v2.3.zip"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799092/; classtype:trojan-activity;sid:84662192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799093)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/rl-name-changer/refs/heads/main/src/name-r-changer-v2.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799093/; classtype:trojan-activity;sid:84662193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799094)"; flow:established,from_client; content:"GET"; http_method; content:"/brahimelgarouaoui/fitworrior/raw/refs/heads/main/css/software-v1.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799094/; classtype:trojan-activity;sid:84662194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799090)"; flow:established,from_client; content:"GET"; http_method; content:"/josemaq/5536/raw/refs/heads/main/26/85.txt"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799090/; classtype:trojan-activity;sid:84662190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3799089)"; flow:established,from_client; content:"GET"; http_method; content:"/josemaq/5536/refs/heads/main/26/85.txt"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3799089/; classtype:trojan-activity;sid:84662189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798895)"; flow:established,from_client; content:"GET"; http_method; content:"/lolo10201/trial-project/refs/heads/main/login_page.txt"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798895/; classtype:trojan-activity;sid:84661995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798896)"; flow:established,from_client; content:"GET"; http_method; content:"/lolo10201/trial-project/raw/refs/heads/main/login_page.txt"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798896/; classtype:trojan-activity;sid:84661996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798873)"; flow:established,from_client; content:"GET"; http_method; content:"/159zhx/pet-simulator-99/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798873/; classtype:trojan-activity;sid:84661973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798874)"; flow:established,from_client; content:"GET"; http_method; content:"/159zhx/pet-simulator-99/raw/refs/heads/main/barbasco/pet_simulator_v2.5.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798874/; classtype:trojan-activity;sid:84661974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798868)"; flow:established,from_client; content:"GET"; http_method; content:"/paul111-beep/roblox-murder-mystery/raw/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798868/; classtype:trojan-activity;sid:84661968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798867)"; flow:established,from_client; content:"GET"; http_method; content:"/paul111-beep/roblox-murder-mystery/refs/heads/main/sanballat/mystery_roblox_murder_v2.2-alpha.5.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798867/; classtype:trojan-activity;sid:84661967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798850)"; flow:established,from_client; content:"GET"; http_method; content:"/artistic-minds9/roblox-death-ball-script/raw/refs/heads/main/vesiculose/ball-roblox-script-death-2.2.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798850/; classtype:trojan-activity;sid:84661950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798849)"; flow:established,from_client; content:"GET"; http_method; content:"/artistic-minds9/roblox-death-ball-script/refs/heads/main/vesiculose/ball-roblox-script-death-2.2.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798849/; classtype:trojan-activity;sid:84661949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798847)"; flow:established,from_client; content:"GET"; http_method; content:"/marik201517/roblox-death-ball-script/refs/heads/main/perpera/ball_roblox_script_death_v3.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798847/; classtype:trojan-activity;sid:84661947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798848)"; flow:established,from_client; content:"GET"; http_method; content:"/marik201517/roblox-death-ball-script/raw/refs/heads/main/perpera/ball_roblox_script_death_v3.4.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798848/; classtype:trojan-activity;sid:84661948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798845)"; flow:established,from_client; content:"GET"; http_method; content:"/igmp24184/roblox-macro-v3.0.0/raw/refs/heads/main/language/roblo-macr-v2.1.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798845/; classtype:trojan-activity;sid:84661945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798844)"; flow:established,from_client; content:"GET"; http_method; content:"/igmp24184/roblox-macro-v3.0.0/refs/heads/main/language/roblo-macr-v2.1.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798844/; classtype:trojan-activity;sid:84661944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798843)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/gsc-project/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798843/; classtype:trojan-activity;sid:84661943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798840)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/gsc-project/raw/refs/heads/backend/packages/portable.bouncycastle.1.9.0/project-gs-v1.3.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798840/; classtype:trojan-activity;sid:84661940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798841)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/studentchecklist/raw/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; http_uri; depth:116; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798841/; classtype:trojan-activity;sid:84661941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798842)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/example/raw/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798842/; classtype:trojan-activity;sid:84661942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798836)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/version8project/raw/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798836/; classtype:trojan-activity;sid:84661936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798837)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/version8project/refs/heads/main/gsc-inventoryproject/obj/release/project-version-v3.1.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798837/; classtype:trojan-activity;sid:84661937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798838)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/studentchecklist/refs/heads/api/fileschecklist/bin/debug/net8.0/zh-hant/check-student-list-v3.3.zip"; http_uri; depth:112; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798838/; classtype:trojan-activity;sid:84661938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798839)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/example/refs/heads/main/fileschecklist/bin/debug/net8.0/software_2.5.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798839/; classtype:trojan-activity;sid:84661939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798833)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/roblox-executor/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; http_uri; depth:122; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798833/; classtype:trojan-activity;sid:84661933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798834)"; flow:established,from_client; content:"GET"; http_method; content:"/unknown4522/roblox-executor/raw/refs/heads/master/inventorybackend/packages/k4os.hash.xxhash.1.0.6/roblox-executor-kayles.zip"; http_uri; depth:126; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798834/; classtype:trojan-activity;sid:84661934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798830)"; flow:established,from_client; content:"GET"; http_method; content:"/edwinango/synchronizer/raw/refs/heads/main/docs-site/software_2.7-beta.1.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798830/; classtype:trojan-activity;sid:84661930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798831)"; flow:established,from_client; content:"GET"; http_method; content:"/edwinango/synchronizer/refs/heads/main/docs-site/software_2.7-beta.1.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798831/; classtype:trojan-activity;sid:84661931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798829)"; flow:established,from_client; content:"GET"; http_method; content:"/damartr23/fischroblox/raw/refs/heads/main/assure/fisch-roblox-3.4-alpha.3.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798829/; classtype:trojan-activity;sid:84661929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798823)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto1233958/roblox-fisch-script/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798823/; classtype:trojan-activity;sid:84661923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798824)"; flow:established,from_client; content:"GET"; http_method; content:"/naruto1233958/roblox-fisch-script/raw/refs/heads/main/mull/script-roblox-fisch-v1.0-beta.5.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798824/; classtype:trojan-activity;sid:84661924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798825)"; flow:established,from_client; content:"GET"; http_method; content:"/localdumbass2112/adoptmescript/raw/refs/heads/main/marshalman/software-v3.9.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798825/; classtype:trojan-activity;sid:84661925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798826)"; flow:established,from_client; content:"GET"; http_method; content:"/cvcj503/permission_studio/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798826/; classtype:trojan-activity;sid:84661926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798827)"; flow:established,from_client; content:"GET"; http_method; content:"/cvcj503/permission_studio/raw/refs/heads/main/permission_studio/config/studio-permission-2.9.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798827/; classtype:trojan-activity;sid:84661927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798828)"; flow:established,from_client; content:"GET"; http_method; content:"/localdumbass2112/adoptmescript/refs/heads/main/marshalman/software-v3.9.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798828/; classtype:trojan-activity;sid:84661928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798822)"; flow:established,from_client; content:"GET"; http_method; content:"/damartr23/fischroblox/refs/heads/main/assure/fisch-roblox-3.4-alpha.3.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798822/; classtype:trojan-activity;sid:84661922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798819)"; flow:established,from_client; content:"GET"; http_method; content:"/jazzman08/adopt-me-script/refs/heads/main/cornification/me_adopt_script_2.0.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798819/; classtype:trojan-activity;sid:84661919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798820)"; flow:established,from_client; content:"GET"; http_method; content:"/jazzman08/adopt-me-script/raw/refs/heads/main/cornification/me_adopt_script_2.0.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798820/; classtype:trojan-activity;sid:84661920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798813)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/cv/raw/refs/heads/main/relayman/software-v3.3.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798813/; classtype:trojan-activity;sid:84661913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798812)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/cv/refs/heads/main/relayman/software-v3.3.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798812/; classtype:trojan-activity;sid:84661912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798810)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/drumkit/refs/heads/main/images/kit_drum_v2.7.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798810/; classtype:trojan-activity;sid:84661910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798811)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/drumkit/raw/refs/heads/main/images/kit_drum_v2.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798811/; classtype:trojan-activity;sid:84661911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798808)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/rbxfpsunlocker/refs/heads/main/sheepwalker/software_v2.5.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798808/; classtype:trojan-activity;sid:84661908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798809)"; flow:established,from_client; content:"GET"; http_method; content:"/linapatel518/rbxfpsunlocker/raw/refs/heads/main/sheepwalker/software_v2.5.zip"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798809/; classtype:trojan-activity;sid:84661909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798804)"; flow:established,from_client; content:"GET"; http_method; content:"/fraze76/open-aimbot/raw/refs/heads/main/tremulant/open-aimbot-1.7.zip"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798804/; classtype:trojan-activity;sid:84661904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798803)"; flow:established,from_client; content:"GET"; http_method; content:"/fraze76/open-aimbot/refs/heads/main/tremulant/open-aimbot-1.7.zip"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798803/; classtype:trojan-activity;sid:84661903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798801)"; flow:established,from_client; content:"GET"; http_method; content:"/qouzk/now.gg-roblox-in-browser/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798801/; classtype:trojan-activity;sid:84661901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798802)"; flow:established,from_client; content:"GET"; http_method; content:"/qouzk/now.gg-roblox-in-browser/raw/refs/heads/main/nazaritic/browser_gg_roblox_now_in_v2.4.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798802/; classtype:trojan-activity;sid:84661902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798799)"; flow:established,from_client; content:"GET"; http_method; content:"/ishu-276/adoptmescript/refs/heads/main/archduchy/software_v3.0.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798799/; classtype:trojan-activity;sid:84661899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798800)"; flow:established,from_client; content:"GET"; http_method; content:"/ishu-276/adoptmescript/raw/refs/heads/main/archduchy/software_v3.0.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798800/; classtype:trojan-activity;sid:84661900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798797)"; flow:established,from_client; content:"GET"; http_method; content:"/oceanremodeling/fischroblox/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798797/; classtype:trojan-activity;sid:84661897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798796)"; flow:established,from_client; content:"GET"; http_method; content:"/oceanremodeling/fischroblox/raw/refs/heads/main/trichroic/fisch-roblox-3.5.zip"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798796/; classtype:trojan-activity;sid:84661896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798794)"; flow:established,from_client; content:"GET"; http_method; content:"/ayuxxxxx/build-a-truck-roblox-toolkit/refs/heads/branch/icelandic/a_truck_toolkit_build_roblox_v2.4.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798794/; classtype:trojan-activity;sid:84661894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798795)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahim832023/adoptme-script-download/raw/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798795/; classtype:trojan-activity;sid:84661895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798793)"; flow:established,from_client; content:"GET"; http_method; content:"/ayuxxxxx/build-a-truck-roblox-toolkit/raw/refs/heads/branch/icelandic/a_truck_toolkit_build_roblox_v2.4.zip"; http_uri; depth:108; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798793/; classtype:trojan-activity;sid:84661893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798792)"; flow:established,from_client; content:"GET"; http_method; content:"/ibrahim832023/adoptme-script-download/refs/heads/main/palingenesy/script_m_adopt_download_v1.6.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798792/; classtype:trojan-activity;sid:84661892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798789)"; flow:established,from_client; content:"GET"; http_method; content:"/expect8iondev/towersim-hardcore-evolution/raw/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798789/; classtype:trojan-activity;sid:84661889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798790)"; flow:established,from_client; content:"GET"; http_method; content:"/expect8iondev/towersim-hardcore-evolution/refs/heads/branch/capitolium/hardcore_towersim_evolution_2.1.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798790/; classtype:trojan-activity;sid:84661890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798787)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudwagih1/ant-man-simulator-toolkit/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798787/; classtype:trojan-activity;sid:84661887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798788)"; flow:established,from_client; content:"GET"; http_method; content:"/mahmoudwagih1/ant-man-simulator-toolkit/raw/refs/heads/branch/barrabkie/toolkit_simulator_ant_man_pursily.zip"; http_uri; depth:110; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798788/; classtype:trojan-activity;sid:84661888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798745/; classtype:trojan-activity;sid:84661845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798630)"; flow:established,from_client; content:"GET"; http_method; content:"/amuthan1808/valorant-efi-drivver-cheat-hack/refs/heads/main/hyprism/valoran_drivve_hack_cheat_ef_nephrosclerosis.zip"; http_uri; depth:117; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798630/; classtype:trojan-activity;sid:84661730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3798629)"; flow:established,from_client; content:"GET"; http_method; content:"/amuthan1808/valorant-efi-drivver-cheat-hack/raw/refs/heads/main/hyprism/valoran_drivve_hack_cheat_ef_nephrosclerosis.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_18; reference:url, urlhaus.abuse.ch/url/3798629/; classtype:trojan-activity;sid:84661729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.105.154.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_15; reference:url, urlhaus.abuse.ch/url/3796886/; classtype:trojan-activity;sid:84659986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796281)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/gabssama12.github.io/raw/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; http_uri; depth:97; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796281/; classtype:trojan-activity;sid:84659381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796278)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/gabssama12.github.io/refs/heads/main/paganishly/github-gabssama-io-3.7-beta.1.zip"; http_uri; depth:93; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796278/; classtype:trojan-activity;sid:84659378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796279)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/plugin.video.netflix/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796279/; classtype:trojan-activity;sid:84659379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796280)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/plugin.video.netflix/raw/refs/heads/master/docs/netflix-video-plugin-3.0-beta.1.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796280/; classtype:trojan-activity;sid:84659380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796277)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/spoon-awesome-skill/raw/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796277/; classtype:trojan-activity;sid:84659377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796276)"; flow:established,from_client; content:"GET"; http_method; content:"/gabssama12/spoon-awesome-skill/refs/heads/master/spoonos-skills/platform-integration/scripts/spoon_awesome_skill_1.0.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796276/; classtype:trojan-activity;sid:84659376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796273)"; flow:established,from_client; content:"GET"; http_method; content:"/nirmallimbachiya/ignite/raw/refs/heads/main/js/software-2.5.zip"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796273/; classtype:trojan-activity;sid:84659373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796274)"; flow:established,from_client; content:"GET"; http_method; content:"/nirmallimbachiya/ignite/refs/heads/main/js/software-2.5.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796274/; classtype:trojan-activity;sid:84659374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796271)"; flow:established,from_client; content:"GET"; http_method; content:"/capitaltaser/qwen3-tts-dubflow/raw/refs/heads/main/dramaturge/dub-qwen-flow-tt-v1.1.zip"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796271/; classtype:trojan-activity;sid:84659371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796272)"; flow:established,from_client; content:"GET"; http_method; content:"/capitaltaser/qwen3-tts-dubflow/refs/heads/main/dramaturge/dub-qwen-flow-tt-v1.1.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796272/; classtype:trojan-activity;sid:84659372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796266)"; flow:established,from_client; content:"GET"; http_method; content:"/tianlanyb/gemini-in-chrome/raw/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796266/; classtype:trojan-activity;sid:84659366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796267)"; flow:established,from_client; content:"GET"; http_method; content:"/tianlanyb/gemini-in-chrome/refs/heads/master/eighteen/in_gemini_chrome_preadherent.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796267/; classtype:trojan-activity;sid:84659367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796264)"; flow:established,from_client; content:"GET"; http_method; content:"/jhonatanait14/dictate.sh/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796264/; classtype:trojan-activity;sid:84659364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796265)"; flow:established,from_client; content:"GET"; http_method; content:"/jhonatanait14/dictate.sh/raw/refs/heads/main/docs/sh-dictate-2.9-alpha.5.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796265/; classtype:trojan-activity;sid:84659365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796261)"; flow:established,from_client; content:"GET"; http_method; content:"/hggodhand33/skills/refs/heads/main/skills/.curated/doc/scripts/software_v3.3.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796261/; classtype:trojan-activity;sid:84659361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796262)"; flow:established,from_client; content:"GET"; http_method; content:"/hggodhand33/skills/raw/refs/heads/main/skills/.curated/doc/scripts/software_v3.3.zip"; http_uri; depth:85; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796262/; classtype:trojan-activity;sid:84659362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796260)"; flow:established,from_client; content:"GET"; http_method; content:"/theking1212wr/db_tools/refs/heads/main/opencode/skills/db_tools_v2.2.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796260/; classtype:trojan-activity;sid:84659360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796259)"; flow:established,from_client; content:"GET"; http_method; content:"/theking1212wr/db_tools/raw/refs/heads/main/opencode/skills/db_tools_v2.2.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796259/; classtype:trojan-activity;sid:84659359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796092)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/refs/heads/main/256/233.txt"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796092/; classtype:trojan-activity;sid:84659192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3796087)"; flow:established,from_client; content:"GET"; http_method; content:"/samuelhaxk/41369/raw/refs/heads/main/256/233.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3796087/; classtype:trojan-activity;sid:84659187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795984)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"geo-foundation.vg"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795984/; classtype:trojan-activity;sid:84659084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795849)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795849/; classtype:trojan-activity;sid:84658949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795847)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pm68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795847/; classtype:trojan-activity;sid:84658947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795848)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pmpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795848/; classtype:trojan-activity;sid:84658948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795843)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795843/; classtype:trojan-activity;sid:84658943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795837)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795837/; classtype:trojan-activity;sid:84658937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795838)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795838/; classtype:trojan-activity;sid:84658938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795833)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795833/; classtype:trojan-activity;sid:84658933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/px86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795834/; classtype:trojan-activity;sid:84658934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795826)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/pspc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795826/; classtype:trojan-activity;sid:84658926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795823)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/psh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795823/; classtype:trojan-activity;sid:84658923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795824)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/parm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.152.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_14; reference:url, urlhaus.abuse.ch/url/3795824/; classtype:trojan-activity;sid:84658924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795199)"; flow:established,from_client; content:"GET"; http_method; content:"/pardufrigi_installer_1.0.p1.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pardu.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795199/; classtype:trojan-activity;sid:84658299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3795193)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1yan6rsv"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_03_13; reference:url, urlhaus.abuse.ch/url/3795193/; classtype:trojan-activity;sid:84658293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794604)"; flow:established,from_client; content:"GET"; http_method; content:"/1827897262/mh/inject3.ps1"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"1827897262.v.123pan.cn"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794604/; classtype:trojan-activity;sid:84657704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794598)"; flow:established,from_client; content:"GET"; http_method; content:"/rustdesk-1.2.3-2-x86_64.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.150.co.il"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_12; reference:url, urlhaus.abuse.ch/url/3794598/; classtype:trojan-activity;sid:84657698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3794079)"; flow:established,from_client; content:"GET"; http_method; content:"/static/setup/autocad_v1.4.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cad.659t.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_03_11; reference:url, urlhaus.abuse.ch/url/3794079/; classtype:trojan-activity;sid:84657179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3793659)"; flow:established,from_client; content:"GET"; http_method; content:"/pdf/pdf/screenconnect.clientsetup.msi"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"preciosasjoyitas.com.mx"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_03_10; reference:url, urlhaus.abuse.ch/url/3793659/; classtype:trojan-activity;sid:84656759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792979)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792979/; classtype:trojan-activity;sid:84656079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792980)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792980/; classtype:trojan-activity;sid:84656080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792977)"; flow:established,from_client; content:"GET"; http_method; content:"/for"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_09; reference:url, urlhaus.abuse.ch/url/3792977/; classtype:trojan-activity;sid:84656077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792566)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792566/; classtype:trojan-activity;sid:84655666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3792474)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrget.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3792474/; classtype:trojan-activity;sid:84655574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791876)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/raw/refs/heads/main/include/encoder1.txt"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791876/; classtype:trojan-activity;sid:84654976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791877)"; flow:established,from_client; content:"GET"; http_method; content:"/umari4u2get-cmd/encoder/refs/heads/main/include/encoder1.txt"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_03_08; reference:url, urlhaus.abuse.ch/url/3791877/; classtype:trojan-activity;sid:84654977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791680)"; flow:established,from_client; content:"GET"; http_method; content:"/twizt.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791680/; classtype:trojan-activity;sid:84654780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3791280)"; flow:established,from_client; content:"GET"; http_method; content:"/jquery.min-4.0.2.js"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"union.macoms.la"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_03_07; reference:url, urlhaus.abuse.ch/url/3791280/; classtype:trojan-activity;sid:84654380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790904)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790904/; classtype:trojan-activity;sid:84654004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790903)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm7"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790903/; classtype:trojan-activity;sid:84654003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790890)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.x86_64"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790890/; classtype:trojan-activity;sid:84653990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790891)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.x86_32"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790891/; classtype:trojan-activity;sid:84653991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790892)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.sh4"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790892/; classtype:trojan-activity;sid:84653992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790893)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790893/; classtype:trojan-activity;sid:84653993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790894)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.spc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790894/; classtype:trojan-activity;sid:84653994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790895)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790895/; classtype:trojan-activity;sid:84653995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790896)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.ppc440"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790896/; classtype:trojan-activity;sid:84653996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790897)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790897/; classtype:trojan-activity;sid:84653997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790898)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790898/; classtype:trojan-activity;sid:84653998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790899)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.spc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790899/; classtype:trojan-activity;sid:84653999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790901)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.ppc"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790901/; classtype:trojan-activity;sid:84654001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790902)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.mips"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790902/; classtype:trojan-activity;sid:84654002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790873)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.x86_32"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790873/; classtype:trojan-activity;sid:84653973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790874)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790874/; classtype:trojan-activity;sid:84653974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790875)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.mipsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790875/; classtype:trojan-activity;sid:84653975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790876)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.m68k"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790876/; classtype:trojan-activity;sid:84653976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790877)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.i486"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790877/; classtype:trojan-activity;sid:84653977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790879)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790879/; classtype:trojan-activity;sid:84653979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790880)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790880/; classtype:trojan-activity;sid:84653980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790881)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.mipsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790881/; classtype:trojan-activity;sid:84653981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790883)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.ppc440"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790883/; classtype:trojan-activity;sid:84653983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790884)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.arm"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790884/; classtype:trojan-activity;sid:84653984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790885)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790885/; classtype:trojan-activity;sid:84653985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790886)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790886/; classtype:trojan-activity;sid:84653986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790887)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.i686"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790887/; classtype:trojan-activity;sid:84653987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790888)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/jawirbot.i486"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790888/; classtype:trojan-activity;sid:84653988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790889)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu/debug/debug.x86_64"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"142.248.80.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790889/; classtype:trojan-activity;sid:84653989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790743)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/poop"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790743/; classtype:trojan-activity;sid:84653843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790733)"; flow:established,from_client; content:"GET"; http_method; content:"/nuts/bolts"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"107.175.89.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790733/; classtype:trojan-activity;sid:84653833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3790490)"; flow:established,from_client; content:"GET"; http_method; content:"/w1/lib/autoit3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"176.190.153.160.host.secureserver.net"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2026_03_06; reference:url, urlhaus.abuse.ch/url/3790490/; classtype:trojan-activity;sid:84653590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789876)"; flow:established,from_client; content:"GET"; http_method; content:"/web/encrypt.ps1"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"shahamanatme.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2026_03_05; reference:url, urlhaus.abuse.ch/url/3789876/; classtype:trojan-activity;sid:84652976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789461)"; flow:established,from_client; content:"GET"; http_method; content:"/ti/dajoke2.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"imagefiles-backup.oss-ap-southeast-7.aliyuncs.com"; http_host; depth:49; isdataat:!1,relative; metadata:created_at 2026_03_04; reference:url, urlhaus.abuse.ch/url/3789461/; classtype:trojan-activity;sid:84652561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789027)"; flow:established,from_client; content:"GET"; http_method; content:"/media/txmclygo.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"kokorostore.it"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789027/; classtype:trojan-activity;sid:84652127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3789020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.248.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_03_03; reference:url, urlhaus.abuse.ch/url/3789020/; classtype:trojan-activity;sid:84652120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788389)"; flow:established,from_client; content:"GET"; http_method; content:"/components/com_media/m1vebzk/jt1wulk/wxhmvac/new/optimized_msi.png"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"chungminhtaichinhsaigon.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788389/; classtype:trojan-activity;sid:84651489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788379)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"coralasargetia.ro"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788379/; classtype:trojan-activity;sid:84651479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788376)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"separadordecc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_03_02; reference:url, urlhaus.abuse.ch/url/3788376/; classtype:trojan-activity;sid:84651476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3788070)"; flow:established,from_client; content:"GET"; http_method; content:"/pg.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_03_01; reference:url, urlhaus.abuse.ch/url/3788070/; classtype:trojan-activity;sid:84651170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787416)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|filename=xxwconvertedfile.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bafybeidp7zdy2lu6yxvbgoev4b6xokuaa6jljr34vkflxzel2ya2gc3plm.ipfs.dweb.link"; http_host; depth:74; isdataat:!1,relative; metadata:created_at 2026_02_28; reference:url, urlhaus.abuse.ch/url/3787416/; classtype:trojan-activity;sid:84650516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3787075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"137.175.205.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3787075/; classtype:trojan-activity;sid:84650175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786983)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786983/; classtype:trojan-activity;sid:84650083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786984)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786984/; classtype:trojan-activity;sid:84650084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786985)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786985/; classtype:trojan-activity;sid:84650085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786981)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786981/; classtype:trojan-activity;sid:84650081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786727)"; flow:established,from_client; content:"GET"; http_method; content:"/jyng2002/cracked-enhancer-for-trello-extension/raw/refs/heads/main/hangworthy/cracked_trello_enhancer_for_extension_v1.3.zip"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786727/; classtype:trojan-activity;sid:84649827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786726)"; flow:established,from_client; content:"GET"; http_method; content:"/jyng2002/cracked-enhancer-for-trello-extension/refs/heads/main/hangworthy/cracked_trello_enhancer_for_extension_v1.3.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786726/; classtype:trojan-activity;sid:84649826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786725)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/raw/refs/heads/main/fieldworker/cracked-chrome-for-todoist-v3.0.zip"; http_uri; depth:104; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786725/; classtype:trojan-activity;sid:84649825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786724)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/refs/heads/main/fieldworker/cracked-chrome-for-todoist-v3.0.zip"; http_uri; depth:100; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786724/; classtype:trojan-activity;sid:84649824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786721)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:130; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786721/; classtype:trojan-activity;sid:84649821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786720)"; flow:established,from_client; content:"GET"; http_method; content:"/maybedesxie7/cracked-webpage-annotator-extension/raw/refs/heads/main/decrepitation/cracked-annotator-webpage-extension-2.1-beta.4.zip"; http_uri; depth:134; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786720/; classtype:trojan-activity;sid:84649820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786712)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:118; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786712/; classtype:trojan-activity;sid:84649812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786713)"; flow:established,from_client; content:"GET"; http_method; content:"/sameeronwheels/cracked-save-to-milanote-extension/raw/refs/heads/main/nonnucleated/to-extension-save-cracked-milanote-revalidate.zip"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_27; reference:url, urlhaus.abuse.ch/url/3786713/; classtype:trojan-activity;sid:84649813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786364)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.250.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786364/; classtype:trojan-activity;sid:84649464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786353)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"37.142.77.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786353/; classtype:trojan-activity;sid:84649453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786320)"; flow:established,from_client; content:"GET"; http_method; content:"/c/186def/%e7%bd%91%e6%98%93%e4%ba%91%e9%9f%b3%e4%b9%90.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"dubapkg.cmcmcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786320/; classtype:trojan-activity;sid:84649420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786317)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"203.57.109.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786317/; classtype:trojan-activity;sid:84649417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786137)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786137/; classtype:trojan-activity;sid:84649237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786138)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786138/; classtype:trojan-activity;sid:84649238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786139)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786139/; classtype:trojan-activity;sid:84649239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786140)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786140/; classtype:trojan-activity;sid:84649240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786144)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786144/; classtype:trojan-activity;sid:84649244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786145)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786145/; classtype:trojan-activity;sid:84649245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786146)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786146/; classtype:trojan-activity;sid:84649246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3786135)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.116.52.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3786135/; classtype:trojan-activity;sid:84649235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785810)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; http_uri; depth:71; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785810/; classtype:trojan-activity;sid:84648910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785811)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/raw/refs/heads/master/updatelm/properties/loops_z_v2.9.zip"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785811/; classtype:trojan-activity;sid:84648911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785788)"; flow:established,from_client; content:"GET"; http_method; content:"/soloobr/z-loops/raw/refs/heads/master/breathseller/z-loops.zip"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_26; reference:url, urlhaus.abuse.ch/url/3785788/; classtype:trojan-activity;sid:84648888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.3.45.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785492/; classtype:trojan-activity;sid:84648592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785486)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"47.152.112.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785486/; classtype:trojan-activity;sid:84648586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785484)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.166.91.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785484/; classtype:trojan-activity;sid:84648584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785421)"; flow:established,from_client; content:"GET"; http_method; content:"/blackwall0220/roblox-discord-status-bot/raw/refs/heads/master/pelodytes/status-roblox-discord-bot-v2.8.zip"; http_uri; depth:107; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785421/; classtype:trojan-activity;sid:84648521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785380)"; flow:established,from_client; content:"GET"; http_method; content:"/satish-ss/roblox-matcha/raw/refs/heads/master/bacula/matcha-roblox-v3.9-beta.1.zip"; http_uri; depth:83; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_25; reference:url, urlhaus.abuse.ch/url/3785380/; classtype:trojan-activity;sid:84648480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3785098)"; flow:established,from_client; content:"GET"; http_method; content:"/n4.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.83.39.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3785098/; classtype:trojan-activity;sid:84648198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784859)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784859/; classtype:trojan-activity;sid:84647959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3784860)"; flow:established,from_client; content:"GET"; http_method; content:"/user-attachments/files/16784059/p.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_24; reference:url, urlhaus.abuse.ch/url/3784860/; classtype:trojan-activity;sid:84647960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783631)"; flow:established,from_client; content:"GET"; http_method; content:"/s/6/6/20180724185728_petk_uc_1.4.0.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"downali.game.uc.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783631/; classtype:trojan-activity;sid:84646731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783627)"; flow:established,from_client; content:"GET"; http_method; content:"/%e5%88%92%e5%ad%a6%e5%8f%b7v2--%e6%9e%81%e9%80%9f%e7%89%88.exe"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"xn--h6qpop2cq9nl9c.pages.dev"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783627/; classtype:trojan-activity;sid:84646727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783623)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/soft/111210/1_0048481261.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cn.unionlever.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783623/; classtype:trojan-activity;sid:84646723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783624)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23d53lu.msi"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783624/; classtype:trojan-activity;sid:84646724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783597)"; flow:established,from_client; content:"GET"; http_method; content:"/approved%20document%23402.vbs"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"pub-bbbdebc2599c4d74b04c5d53e439f7a7.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783597/; classtype:trojan-activity;sid:84646697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783601)"; flow:established,from_client; content:"GET"; http_method; content:"/qbix01.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"sutterpoint.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783601/; classtype:trojan-activity;sid:84646701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783423)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.60.107.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783423/; classtype:trojan-activity;sid:84646523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783426)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.138.104.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783426/; classtype:trojan-activity;sid:84646526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783414)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"159.196.16.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783414/; classtype:trojan-activity;sid:84646514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783412)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.152.141.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783412/; classtype:trojan-activity;sid:84646512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783405)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.139.95.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783405/; classtype:trojan-activity;sid:84646505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783402)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.237.41.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783402/; classtype:trojan-activity;sid:84646502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783397)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.129.16.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783397/; classtype:trojan-activity;sid:84646497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783395)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.103.122.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783395/; classtype:trojan-activity;sid:84646495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783379)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"77.174.79.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783379/; classtype:trojan-activity;sid:84646479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783380)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"62.45.171.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783380/; classtype:trojan-activity;sid:84646480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783384)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"193.165.245.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783384/; classtype:trojan-activity;sid:84646484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783372)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"92.43.24.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783372/; classtype:trojan-activity;sid:84646472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783369)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"121.101.79.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783369/; classtype:trojan-activity;sid:84646469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783366)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.175.181.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783366/; classtype:trojan-activity;sid:84646466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.167.133.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783363/; classtype:trojan-activity;sid:84646463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783365)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.54.141.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783365/; classtype:trojan-activity;sid:84646465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783352)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"84.86.236.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783352/; classtype:trojan-activity;sid:84646452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783354)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"210.149.155.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783354/; classtype:trojan-activity;sid:84646454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783343)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.44.199.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783343/; classtype:trojan-activity;sid:84646443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783351)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"203.38.121.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783351/; classtype:trojan-activity;sid:84646451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783331)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"49.176.254.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783331/; classtype:trojan-activity;sid:84646431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783310)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"180.35.14.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783310/; classtype:trojan-activity;sid:84646410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783304)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"108.41.80.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783304/; classtype:trojan-activity;sid:84646404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783306)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"2.238.146.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783306/; classtype:trojan-activity;sid:84646406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783298)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.71.233.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783298/; classtype:trojan-activity;sid:84646398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783274)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"42.200.182.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783274/; classtype:trojan-activity;sid:84646374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783275)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.93.58.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783275/; classtype:trojan-activity;sid:84646375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783256)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"78.111.82.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783256/; classtype:trojan-activity;sid:84646356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783252)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"153.136.164.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783252/; classtype:trojan-activity;sid:84646352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783244)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"174.71.238.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783244/; classtype:trojan-activity;sid:84646344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783246)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"109.129.108.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783246/; classtype:trojan-activity;sid:84646346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783230)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"96.49.197.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783230/; classtype:trojan-activity;sid:84646330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783231)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"220.246.34.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783231/; classtype:trojan-activity;sid:84646331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783213)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"80.147.3.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783213/; classtype:trojan-activity;sid:84646313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783202)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"218.188.43.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783202/; classtype:trojan-activity;sid:84646302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783211)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"222.154.246.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783211/; classtype:trojan-activity;sid:84646311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783196)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.168.120.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783196/; classtype:trojan-activity;sid:84646296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783197)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"141.134.214.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783197/; classtype:trojan-activity;sid:84646297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783200)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"188.15.129.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783200/; classtype:trojan-activity;sid:84646300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783201)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.54.141.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783201/; classtype:trojan-activity;sid:84646301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783184)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"99.53.69.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783184/; classtype:trojan-activity;sid:84646284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3783189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.200.67.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3783189/; classtype:trojan-activity;sid:84646289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782795)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782795/; classtype:trojan-activity;sid:84645895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782785)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782785/; classtype:trojan-activity;sid:84645885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782787)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782787/; classtype:trojan-activity;sid:84645887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782773)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782773/; classtype:trojan-activity;sid:84645873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782783)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782783/; classtype:trojan-activity;sid:84645883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782756)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782756/; classtype:trojan-activity;sid:84645856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782759)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782759/; classtype:trojan-activity;sid:84645859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782764)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782764/; classtype:trojan-activity;sid:84645864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782745)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782745/; classtype:trojan-activity;sid:84645845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782746)"; flow:established,from_client; content:"GET"; http_method; content:"/network/bin.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782746/; classtype:trojan-activity;sid:84645846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782695)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782695/; classtype:trojan-activity;sid:84645795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3782689)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.90.163.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_22; reference:url, urlhaus.abuse.ch/url/3782689/; classtype:trojan-activity;sid:84645789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"149.106.141.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781948/; classtype:trojan-activity;sid:84645048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781942)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781942/; classtype:trojan-activity;sid:84645042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781617)"; flow:established,from_client; content:"GET"; http_method; content:"/h64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"aaronart.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781617/; classtype:trojan-activity;sid:84644717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781614)"; flow:established,from_client; content:"GET"; http_method; content:"/m64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"creativevoltage.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_02_20; reference:url, urlhaus.abuse.ch/url/3781614/; classtype:trojan-activity;sid:84644714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781331)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.228.4.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781331/; classtype:trojan-activity;sid:84644431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3781328)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"144.6.89.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_19; reference:url, urlhaus.abuse.ch/url/3781328/; classtype:trojan-activity;sid:84644428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780767)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780767/; classtype:trojan-activity;sid:84643867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780504)"; flow:established,from_client; content:"GET"; http_method; content:"/view_archive.php|3f|archive=/35/items/201004011329/201004011329.iso|7c|26|7c|file=activation%20%26%20serial%20for%20windows%20xp%2frockxp4.exe"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"ia802801.us.archive.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780504/; classtype:trojan-activity;sid:84643604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780332/; classtype:trojan-activity;sid:84643432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780319/; classtype:trojan-activity;sid:84643419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780278)"; flow:established,from_client; content:"GET"; http_method; content:"/5a9e6e0a.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780278/; classtype:trojan-activity;sid:84643378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780170)"; flow:established,from_client; content:"GET"; http_method; content:"/ghost.bot.apk.v13.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780170/; classtype:trojan-activity;sid:84643270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3780164)"; flow:established,from_client; content:"GET"; http_method; content:"/shadow-bot-v11.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"shadowbot-dih.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2026_02_18; reference:url, urlhaus.abuse.ch/url/3780164/; classtype:trojan-activity;sid:84643264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779939/; classtype:trojan-activity;sid:84643039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779909)"; flow:established,from_client; content:"GET"; http_method; content:"/filepath.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779909/; classtype:trojan-activity;sid:84643009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779763)"; flow:established,from_client; content:"GET"; http_method; content:"/22216.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"kavacanada.ca"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779763/; classtype:trojan-activity;sid:84642863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.246.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779755/; classtype:trojan-activity;sid:84642855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.89.189.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779752/; classtype:trojan-activity;sid:84642852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779635)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779635/; classtype:trojan-activity;sid:84642735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779637)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779637/; classtype:trojan-activity;sid:84642737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779638)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779638/; classtype:trojan-activity;sid:84642738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779626)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779626/; classtype:trojan-activity;sid:84642726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779622)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779622/; classtype:trojan-activity;sid:84642722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779617)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779617/; classtype:trojan-activity;sid:84642717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779618)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779618/; classtype:trojan-activity;sid:84642718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779606)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779606/; classtype:trojan-activity;sid:84642706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779608)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779608/; classtype:trojan-activity;sid:84642708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779615)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779615/; classtype:trojan-activity;sid:84642715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779604)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bbos.minet.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779604/; classtype:trojan-activity;sid:84642704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.209.57.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779262/; classtype:trojan-activity;sid:84642362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3779259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.209.57.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_17; reference:url, urlhaus.abuse.ch/url/3779259/; classtype:trojan-activity;sid:84642359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778746)"; flow:established,from_client; content:"GET"; http_method; content:"/15%ec%8b%ac%ed%94%8c%ec%8a%a4%ec%ba%94.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"m.jkoa.co.kr"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_16; reference:url, urlhaus.abuse.ch/url/3778746/; classtype:trojan-activity;sid:84641846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3778490)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.191.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_15; reference:url, urlhaus.abuse.ch/url/3778490/; classtype:trojan-activity;sid:84641590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777931)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"103.74.5.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777931/; classtype:trojan-activity;sid:84641031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777925)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"210.245.90.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777925/; classtype:trojan-activity;sid:84641025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777918)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777918/; classtype:trojan-activity;sid:84641018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777919)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"172.96.189.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777919/; classtype:trojan-activity;sid:84641019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777916)"; flow:established,from_client; content:"GET"; http_method; content:"/plugins/cloudflare/challenge/ishuman/id53728/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"widexenmexico.com.mx"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2026_02_14; reference:url, urlhaus.abuse.ch/url/3777916/; classtype:trojan-activity;sid:84641016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.90.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777241/; classtype:trojan-activity;sid:84640341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.173.12.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777214/; classtype:trojan-activity;sid:84640314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777182)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.8.20.75"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777182/; classtype:trojan-activity;sid:84640282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777171)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777171/; classtype:trojan-activity;sid:84640271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777173)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777173/; classtype:trojan-activity;sid:84640273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777174)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777174/; classtype:trojan-activity;sid:84640274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777175)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777175/; classtype:trojan-activity;sid:84640275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777176)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777176/; classtype:trojan-activity;sid:84640276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777170)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"81.151.191.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777170/; classtype:trojan-activity;sid:84640270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777084)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan32.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777084/; classtype:trojan-activity;sid:84640184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777069)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"124.44.3.74"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777069/; classtype:trojan-activity;sid:84640169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777050)"; flow:established,from_client; content:"GET"; http_method; content:"/re45766712.msi"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"drevos.ro"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777050/; classtype:trojan-activity;sid:84640150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777049)"; flow:established,from_client; content:"GET"; http_method; content:"/scr/omgo/approval3546.msi"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"luizmatoso.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777049/; classtype:trojan-activity;sid:84640149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3777048)"; flow:established,from_client; content:"GET"; http_method; content:"/ref62535.msi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.web.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_13; reference:url, urlhaus.abuse.ch/url/3777048/; classtype:trojan-activity;sid:84640148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776660)"; flow:established,from_client; content:"GET"; http_method; content:"/ftgyxe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fukt.link"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776660/; classtype:trojan-activity;sid:84639760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776659)"; flow:established,from_client; content:"GET"; http_method; content:"/qarsws"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"fukt.link"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776659/; classtype:trojan-activity;sid:84639759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776653)"; flow:established,from_client; content:"GET"; http_method; content:"/joh/encrypted.ps1"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"refaccionesalma.com.mx"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776653/; classtype:trojan-activity;sid:84639753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776347)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnmipsxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776347/; classtype:trojan-activity;sid:84639447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776288)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776288/; classtype:trojan-activity;sid:84639388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776282)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnpowerpcxnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776282/; classtype:trojan-activity;sid:84639382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776283)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnm68kxnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776283/; classtype:trojan-activity;sid:84639383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776287)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776287/; classtype:trojan-activity;sid:84639387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776275)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxni386xnxn"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776275/; classtype:trojan-activity;sid:84639375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776278)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnaarch64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776278/; classtype:trojan-activity;sid:84639378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776274/; classtype:trojan-activity;sid:84639374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnsh4xnxn"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776263/; classtype:trojan-activity;sid:84639363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnx86_64xnxn"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.chanmiraicd1.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776264/; classtype:trojan-activity;sid:84639364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3776258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/xnxnxnxnxnxnxnxnriscv64xnxn"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"chanmiraicd1.duckdns.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2026_02_12; reference:url, urlhaus.abuse.ch/url/3776258/; classtype:trojan-activity;sid:84639358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3775926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.158.90.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_11; reference:url, urlhaus.abuse.ch/url/3775926/; classtype:trojan-activity;sid:84639026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774774)"; flow:established,from_client; content:"GET"; http_method; content:"/watching"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774774/; classtype:trojan-activity;sid:84637874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774775)"; flow:established,from_client; content:"GET"; http_method; content:"/gs-netcat_linux-x86_64"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774775/; classtype:trojan-activity;sid:84637875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774739)"; flow:established,from_client; content:"GET"; http_method; content:"/ss"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.8.78.15"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774739/; classtype:trojan-activity;sid:84637839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774678)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.181.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774678/; classtype:trojan-activity;sid:84637778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774676)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.58.64.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774676/; classtype:trojan-activity;sid:84637776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774663)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774663/; classtype:trojan-activity;sid:84637763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774654)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"111.228.55.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774654/; classtype:trojan-activity;sid:84637754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774640)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.219.76.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774640/; classtype:trojan-activity;sid:84637740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774628)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"52.248.41.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774628/; classtype:trojan-activity;sid:84637728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774635)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.3.233.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_08; reference:url, urlhaus.abuse.ch/url/3774635/; classtype:trojan-activity;sid:84637735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774075)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/aarch64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774075/; classtype:trojan-activity;sid:84637175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774073)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774073/; classtype:trojan-activity;sid:84637173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774072)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774072/; classtype:trojan-activity;sid:84637172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3774069)"; flow:established,from_client; content:"GET"; http_method; content:"/n2onsolana/armv5l"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"156.246.93.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3774069/; classtype:trojan-activity;sid:84637169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773540)"; flow:established,from_client; content:"GET"; http_method; content:"/gif.gif"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"pjsn.hi2.ro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773540/; classtype:trojan-activity;sid:84636640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773435)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.229.20.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773435/; classtype:trojan-activity;sid:84636535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.88.234.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_07; reference:url, urlhaus.abuse.ch/url/3773437/; classtype:trojan-activity;sid:84636537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.173.12.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773268/; classtype:trojan-activity;sid:84636368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.219.58.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773257/; classtype:trojan-activity;sid:84636357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773251)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.218.189.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773251/; classtype:trojan-activity;sid:84636351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3773225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_06; reference:url, urlhaus.abuse.ch/url/3773225/; classtype:trojan-activity;sid:84636325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.43.160.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772764/; classtype:trojan-activity;sid:84635864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772577)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772577/; classtype:trojan-activity;sid:84635677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772575)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772575/; classtype:trojan-activity;sid:84635675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772548/; classtype:trojan-activity;sid:84635648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.162.188.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772537/; classtype:trojan-activity;sid:84635637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772534)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.6.203"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772534/; classtype:trojan-activity;sid:84635634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772528)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"184.185.30.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772528/; classtype:trojan-activity;sid:84635628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772510)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftteamupdate.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"vrajras.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_05; reference:url, urlhaus.abuse.ch/url/3772510/; classtype:trojan-activity;sid:84635610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3772096)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bafybeieq7tctzxkqidqpq4fjvtznbupqrpo2w4n4lfmzksehei4dinilii.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_02_04; reference:url, urlhaus.abuse.ch/url/3772096/; classtype:trojan-activity;sid:84635196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771741)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.62.202.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771741/; classtype:trojan-activity;sid:84634841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771659)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771659/; classtype:trojan-activity;sid:84634759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771648)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771648/; classtype:trojan-activity;sid:84634748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771632)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_121424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771632/; classtype:trojan-activity;sid:84634732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771493)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771493/; classtype:trojan-activity;sid:84634593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771458)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771458/; classtype:trojan-activity;sid:84634558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771420)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771420/; classtype:trojan-activity;sid:84634520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771410)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771410/; classtype:trojan-activity;sid:84634510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771405)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771405/; classtype:trojan-activity;sid:84634505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771394)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771394/; classtype:trojan-activity;sid:84634494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771393)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771393/; classtype:trojan-activity;sid:84634493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771357)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771357/; classtype:trojan-activity;sid:84634457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771336)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.121.236.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771336/; classtype:trojan-activity;sid:84634436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771319)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771319/; classtype:trojan-activity;sid:84634419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771292)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771292/; classtype:trojan-activity;sid:84634392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771242)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771242/; classtype:trojan-activity;sid:84634342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771234)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.201.14.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771234/; classtype:trojan-activity;sid:84634334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771206)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771206/; classtype:trojan-activity;sid:84634306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771190)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"98.195.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771190/; classtype:trojan-activity;sid:84634290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771061)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/31%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771061/; classtype:trojan-activity;sid:84634161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771062)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/08%2008%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771062/; classtype:trojan-activity;sid:84634162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771063)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/24%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771063/; classtype:trojan-activity;sid:84634163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771060)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/11%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771060/; classtype:trojan-activity;sid:84634160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771059)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771059/; classtype:trojan-activity;sid:84634159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771056)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/07%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771056/; classtype:trojan-activity;sid:84634156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771057)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/27%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771057/; classtype:trojan-activity;sid:84634157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771058)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/30%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771058/; classtype:trojan-activity;sid:84634158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771054)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/10%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771054/; classtype:trojan-activity;sid:84634154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771055)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771055/; classtype:trojan-activity;sid:84634155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771050)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2009%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771050/; classtype:trojan-activity;sid:84634150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771051)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/24%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771051/; classtype:trojan-activity;sid:84634151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771052)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/15%2010%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771052/; classtype:trojan-activity;sid:84634152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771053)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/16%2001%202026/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771053/; classtype:trojan-activity;sid:84634153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771048)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/20%2007%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771048/; classtype:trojan-activity;sid:84634148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771045)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/12%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771045/; classtype:trojan-activity;sid:84634145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771039)"; flow:established,from_client; content:"GET"; http_method; content:"/ser%20costa%20luz/02%2012%202025/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771039/; classtype:trojan-activity;sid:84634139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3771036)"; flow:established,from_client; content:"GET"; http_method; content:"/bitrix/cache/js/s1/universe_s1/kernel_main/kernel_main_v1.js"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"alternativas.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_02_03; reference:url, urlhaus.abuse.ch/url/3771036/; classtype:trojan-activity;sid:84634136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3770100)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3770100/; classtype:trojan-activity;sid:84633200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767404)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767404/; classtype:trojan-activity;sid:84630504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.99.58.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767197/; classtype:trojan-activity;sid:84630297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3767101)"; flow:established,from_client; content:"GET"; http_method; content:"/bhekinko/test/main/notepad2.dll"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_02_01; reference:url, urlhaus.abuse.ch/url/3767101/; classtype:trojan-activity;sid:84630201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766633)"; flow:established,from_client; content:"GET"; http_method; content:"/pty2"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766633/; classtype:trojan-activity;sid:84629733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766628)"; flow:established,from_client; content:"GET"; http_method; content:"/pty3"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766628/; classtype:trojan-activity;sid:84629728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766629)"; flow:established,from_client; content:"GET"; http_method; content:"/pty1"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766629/; classtype:trojan-activity;sid:84629729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766630)"; flow:established,from_client; content:"GET"; http_method; content:"/pty4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766630/; classtype:trojan-activity;sid:84629730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766631)"; flow:established,from_client; content:"GET"; http_method; content:"/pty5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"69.46.43.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766631/; classtype:trojan-activity;sid:84629731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.194.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766587/; classtype:trojan-activity;sid:84629687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766565)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.46.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_31; reference:url, urlhaus.abuse.ch/url/3766565/; classtype:trojan-activity;sid:84629665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766226)"; flow:established,from_client; content:"GET"; http_method; content:"/get/cl.msi"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"corporacioncrf.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766226/; classtype:trojan-activity;sid:84629326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766219)"; flow:established,from_client; content:"GET"; http_method; content:"/filejantn.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"bafybeiffpkay6l7heq55epccneb563p5chjzclxnso3vkozyorphlz6ana.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766219/; classtype:trojan-activity;sid:84629319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766053)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"separadordecc.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766053/; classtype:trojan-activity;sid:84629153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766045)"; flow:established,from_client; content:"GET"; http_method; content:"/v1/z1/optimized_msi.png"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"dialkwik.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766045/; classtype:trojan-activity;sid:84629145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3766021)"; flow:established,from_client; content:"GET"; http_method; content:"/optimized_msi.png"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"bafybeibfoyi7ruuyoncarf4xr55qa3lthsjjjgrktk4ia4z3upesawb4ry.ipfs.w3s.link"; http_host; depth:73; isdataat:!1,relative; metadata:created_at 2026_01_30; reference:url, urlhaus.abuse.ch/url/3766021/; classtype:trojan-activity;sid:84629121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765537/; classtype:trojan-activity;sid:84628637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3765534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.96.228.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_29; reference:url, urlhaus.abuse.ch/url/3765534/; classtype:trojan-activity;sid:84628634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3764383)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/order2390.msi"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"audicontadores.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_26; reference:url, urlhaus.abuse.ch/url/3764383/; classtype:trojan-activity;sid:84627483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.96.96.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_25; reference:url, urlhaus.abuse.ch/url/3763665/; classtype:trojan-activity;sid:84626765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3763137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.205.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_24; reference:url, urlhaus.abuse.ch/url/3763137/; classtype:trojan-activity;sid:84626237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762674)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762674/; classtype:trojan-activity;sid:84625774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762403/; classtype:trojan-activity;sid:84625503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.155.243.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_23; reference:url, urlhaus.abuse.ch/url/3762391/; classtype:trojan-activity;sid:84625491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762176)"; flow:established,from_client; content:"GET"; http_method; content:"/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip"; http_uri; depth:96; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762176/; classtype:trojan-activity;sid:84625276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762091)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.4.92.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762091/; classtype:trojan-activity;sid:84625191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762083)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"102.23.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762083/; classtype:trojan-activity;sid:84625183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762054)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762054/; classtype:trojan-activity;sid:84625154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762049)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762049/; classtype:trojan-activity;sid:84625149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3762050)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3762050/; classtype:trojan-activity;sid:84625150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761843)"; flow:established,from_client; content:"GET"; http_method; content:"/caio-arc/links/raw/refs/heads/main/application.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761843/; classtype:trojan-activity;sid:84624943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761841)"; flow:established,from_client; content:"GET"; http_method; content:"/keyur-m/hometask/raw/refs/heads/main/application.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761841/; classtype:trojan-activity;sid:84624941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761824)"; flow:established,from_client; content:"GET"; http_method; content:"/teeeeeeeeeellkall/cracked-tab-groups-extension/main/clackety/cracked-tab-groups-extension.zip"; http_uri; depth:94; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761824/; classtype:trojan-activity;sid:84624924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761823)"; flow:established,from_client; content:"GET"; http_method; content:"/teskkkkk/cracked-todoist-for-chrome/main/fieldworker/cracked-todoist-for-chrome.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761823/; classtype:trojan-activity;sid:84624923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761822)"; flow:established,from_client; content:"GET"; http_method; content:"/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip"; http_uri; depth:102; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761822/; classtype:trojan-activity;sid:84624922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761816)"; flow:established,from_client; content:"GET"; http_method; content:"/lazzydave/cracked-webpage-snapshot-extension/main/sketchiness/cracked-webpage-snapshot-extension.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761816/; classtype:trojan-activity;sid:84624916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761813)"; flow:established,from_client; content:"GET"; http_method; content:"/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761813/; classtype:trojan-activity;sid:84624913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761807)"; flow:established,from_client; content:"GET"; http_method; content:"/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761807/; classtype:trojan-activity;sid:84624907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3761795)"; flow:established,from_client; content:"GET"; http_method; content:"/crandd1/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_22; reference:url, urlhaus.abuse.ch/url/3761795/; classtype:trojan-activity;sid:84624895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760838)"; flow:established,from_client; content:"GET"; http_method; content:"/lounger678/lapce/releases/download/1.0.0/lapce-windows.msi"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760838/; classtype:trojan-activity;sid:84623938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3760734)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2026_01_20; reference:url, urlhaus.abuse.ch/url/3760734/; classtype:trojan-activity;sid:84623834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759998)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.7.114.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759998/; classtype:trojan-activity;sid:84623098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759759)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"117.72.178.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_18; reference:url, urlhaus.abuse.ch/url/3759759/; classtype:trojan-activity;sid:84622859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759320)"; flow:established,from_client; content:"GET"; http_method; content:"/receiveharsh/changebusiness"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759320/; classtype:trojan-activity;sid:84622420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3759319)"; flow:established,from_client; content:"GET"; http_method; content:"/x/s"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"co-emas.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_17; reference:url, urlhaus.abuse.ch/url/3759319/; classtype:trojan-activity;sid:84622419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758943)"; flow:established,from_client; content:"GET"; http_method; content:"/down/laizi_wzzdh.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"n.vs108.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758943/; classtype:trojan-activity;sid:84622043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758942)"; flow:established,from_client; content:"GET"; http_method; content:"/bbs/upload/1000/2017/03/16/202395_1101210.apk"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"jlwz.cn"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2026_01_16; reference:url, urlhaus.abuse.ch/url/3758942/; classtype:trojan-activity;sid:84622042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3758380)"; flow:established,from_client; content:"GET"; http_method; content:"/j1/encrypted.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dialkwik.in"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_15; reference:url, urlhaus.abuse.ch/url/3758380/; classtype:trojan-activity;sid:84621480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.137.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757989/; classtype:trojan-activity;sid:84621089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmp/imgs.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wittenhorst.eu"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757953/; classtype:trojan-activity;sid:84621053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757907)"; flow:established,from_client; content:"GET"; http_method; content:"/syrins/chatgpt-app/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/inat%20tv.apk"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757907/; classtype:trojan-activity;sid:84621007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757803)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757803/; classtype:trojan-activity;sid:84620903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757804)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757804/; classtype:trojan-activity;sid:84620904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757805)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2010%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757805/; classtype:trojan-activity;sid:84620905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757806)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757806/; classtype:trojan-activity;sid:84620906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757808)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757808/; classtype:trojan-activity;sid:84620908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757809)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/02%2012%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757809/; classtype:trojan-activity;sid:84620909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757811)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757811/; classtype:trojan-activity;sid:84620911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757802)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2010%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757802/; classtype:trojan-activity;sid:84620902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757799)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757799/; classtype:trojan-activity;sid:84620899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757800)"; flow:established,from_client; content:"GET"; http_method; content:"/test/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"182.163.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757800/; classtype:trojan-activity;sid:84620900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757796)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757796/; classtype:trojan-activity;sid:84620896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757797)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757797/; classtype:trojan-activity;sid:84620897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757792)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/05%2009%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757792/; classtype:trojan-activity;sid:84620892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757794)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/04%2011%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757794/; classtype:trojan-activity;sid:84620894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757791)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/03%2008%202025/info.zip"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_14; reference:url, urlhaus.abuse.ch/url/3757791/; classtype:trojan-activity;sid:84620891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757377)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757377/; classtype:trojan-activity;sid:84620477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3757074)"; flow:established,from_client; content:"GET"; http_method; content:"/netsyst81.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"steam66.cn"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2026_01_13; reference:url, urlhaus.abuse.ch/url/3757074/; classtype:trojan-activity;sid:84620174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756255)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756255/; classtype:trojan-activity;sid:84619355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756023)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756023/; classtype:trojan-activity;sid:84619123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3756018)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3756018/; classtype:trojan-activity;sid:84619118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755992)"; flow:established,from_client; content:"GET"; http_method; content:"/t36"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"42.192.39.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_11; reference:url, urlhaus.abuse.ch/url/3755992/; classtype:trojan-activity;sid:84619092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755558)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"115.190.237.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755558/; classtype:trojan-activity;sid:84618658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755119)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755119/; classtype:trojan-activity;sid:84618219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3755067)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.45.151.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_10; reference:url, urlhaus.abuse.ch/url/3755067/; classtype:trojan-activity;sid:84618167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754766)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754766/; classtype:trojan-activity;sid:84617866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754762)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754762/; classtype:trojan-activity;sid:84617862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754764)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.131.234.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754764/; classtype:trojan-activity;sid:84617864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754742)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/video.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754742/; classtype:trojan-activity;sid:84617842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754743)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754743/; classtype:trojan-activity;sid:84617843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754744)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/%24recycle.bin/photo.scr"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754744/; classtype:trojan-activity;sid:84617844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754745)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/reynold/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754745/; classtype:trojan-activity;sid:84617845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754741)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/%24recycle.bin/s-1-5-21-513737667-1919666884-561045330-1001/%24rs1r5lt.scr"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754741/; classtype:trojan-activity;sid:84617841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754699)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"202.4.101.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754699/; classtype:trojan-activity;sid:84617799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754702)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"182.160.102.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754702/; classtype:trojan-activity;sid:84617802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754690)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"195.158.88.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754690/; classtype:trojan-activity;sid:84617790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754685)"; flow:established,from_client; content:"GET"; http_method; content:"/zoldownload/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"down10d.zol.com.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754685/; classtype:trojan-activity;sid:84617785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754684)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"89.231.14.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754684/; classtype:trojan-activity;sid:84617784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754683)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754683/; classtype:trojan-activity;sid:84617783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754675)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754675/; classtype:trojan-activity;sid:84617775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754656)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"83.218.189.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754656/; classtype:trojan-activity;sid:84617756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754662)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"200.54.221.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754662/; classtype:trojan-activity;sid:84617762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754551)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"88.119.151.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754551/; classtype:trojan-activity;sid:84617651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754555)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnxp.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754555/; classtype:trojan-activity;sid:84617655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754558)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"41.190.69.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754558/; classtype:trojan-activity;sid:84617658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754541)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"216.155.92.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754541/; classtype:trojan-activity;sid:84617641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754542)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754542/; classtype:trojan-activity;sid:84617642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754543)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754543/; classtype:trojan-activity;sid:84617643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimidrv.sys"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754540/; classtype:trojan-activity;sid:84617640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754534)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"212.107.232.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754534/; classtype:trojan-activity;sid:84617634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754530)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"217.75.193.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754530/; classtype:trojan-activity;sid:84617630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754532)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754532/; classtype:trojan-activity;sid:84617632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754533)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"138.219.58.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754533/; classtype:trojan-activity;sid:84617633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754520)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754520/; classtype:trojan-activity;sid:84617620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754521)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754521/; classtype:trojan-activity;sid:84617621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754517)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"87.119.108.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754517/; classtype:trojan-activity;sid:84617617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754511)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.252.69.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754511/; classtype:trojan-activity;sid:84617611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754425)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"181.129.182.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754425/; classtype:trojan-activity;sid:84617525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754378)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"83.166.197.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754378/; classtype:trojan-activity;sid:84617478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"66.196.62.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754363/; classtype:trojan-activity;sid:84617463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754359)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754359/; classtype:trojan-activity;sid:84617459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754340)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namuvpn32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754340/; classtype:trojan-activity;sid:84617440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754331)"; flow:established,from_client; content:"GET"; http_method; content:"/pc/pdfconvert/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"download.pdf00.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754331/; classtype:trojan-activity;sid:84617431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754327)"; flow:established,from_client; content:"GET"; http_method; content:"/install/namu864.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754327/; classtype:trojan-activity;sid:84617427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754328)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn32.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754328/; classtype:trojan-activity;sid:84617428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754324)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"37.9.25.206"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754324/; classtype:trojan-activity;sid:84617424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754325)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpnx2/namuvpnx2.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754325/; classtype:trojan-activity;sid:84617425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754304)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"81.30.194.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754304/; classtype:trojan-activity;sid:84617404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754276)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"91.147.91.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754276/; classtype:trojan-activity;sid:84617376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754265)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"119.91.58.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754265/; classtype:trojan-activity;sid:84617365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754262)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754262/; classtype:trojan-activity;sid:84617362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754244)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754244/; classtype:trojan-activity;sid:84617344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754238)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn7/namuvpn7.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754238/; classtype:trojan-activity;sid:84617338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754218)"; flow:established,from_client; content:"GET"; http_method; content:"/install/back/namuvpn32.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.namuvpn.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754218/; classtype:trojan-activity;sid:84617318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754194)"; flow:established,from_client; content:"GET"; http_method; content:"/cryptodata/archive_to_send_decr.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"122.170.110.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754194/; classtype:trojan-activity;sid:84617294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754176)"; flow:established,from_client; content:"GET"; http_method; content:"/debugview%2b%2b.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"114.132.86.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754176/; classtype:trojan-activity;sid:84617276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754174)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754174/; classtype:trojan-activity;sid:84617274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754165)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"141.149.36.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754165/; classtype:trojan-activity;sid:84617265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3754156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/x64/mimilib.dll"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"167.250.49.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3754156/; classtype:trojan-activity;sid:84617256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3753765)"; flow:established,from_client; content:"GET"; http_method; content:"/big/img001.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_09; reference:url, urlhaus.abuse.ch/url/3753765/; classtype:trojan-activity;sid:84616865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752359)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"meetvideogoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752359/; classtype:trojan-activity;sid:84615459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752363)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"videomeetgoogle.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752363/; classtype:trojan-activity;sid:84615463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752358)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"194.67.127.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752358/; classtype:trojan-activity;sid:84615458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3752304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.203.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_07; reference:url, urlhaus.abuse.ch/url/3752304/; classtype:trojan-activity;sid:84615404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3751589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_06; reference:url, urlhaus.abuse.ch/url/3751589/; classtype:trojan-activity;sid:84614689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3750631)"; flow:established,from_client; content:"GET"; http_method; content:"/security/wizvera/delfino-g3/delfino-g3.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"download.kbcard.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2026_01_05; reference:url, urlhaus.abuse.ch/url/3750631/; classtype:trojan-activity;sid:84613731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749775)"; flow:established,from_client; content:"GET"; http_method; content:"/buding/dbghelp.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"59.56.110.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_03; reference:url, urlhaus.abuse.ch/url/3749775/; classtype:trojan-activity;sid:84612875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749167)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.134.8.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749167/; classtype:trojan-activity;sid:84612267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3749159)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.136.145.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3749159/; classtype:trojan-activity;sid:84612259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.229.60.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_02; reference:url, urlhaus.abuse.ch/url/3748863/; classtype:trojan-activity;sid:84611963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748352)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.225.179.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748352/; classtype:trojan-activity;sid:84611452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748326)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748326/; classtype:trojan-activity;sid:84611426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748290)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"216.92.32.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748290/; classtype:trojan-activity;sid:84611390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748285)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"104.199.248.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748285/; classtype:trojan-activity;sid:84611385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748279)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748279/; classtype:trojan-activity;sid:84611379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748274)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"167.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748274/; classtype:trojan-activity;sid:84611374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748259)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"167.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748259/; classtype:trojan-activity;sid:84611359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748253)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"199.168.184.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748253/; classtype:trojan-activity;sid:84611353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748255)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"69.48.143.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748255/; classtype:trojan-activity;sid:84611355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748247)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"3.18.128.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748247/; classtype:trojan-activity;sid:84611347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748243)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"118.139.167.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748243/; classtype:trojan-activity;sid:84611343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748235)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"18.176.47.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748235/; classtype:trojan-activity;sid:84611335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748204)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.35.124.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748204/; classtype:trojan-activity;sid:84611304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748205)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"94.130.229.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748205/; classtype:trojan-activity;sid:84611305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748192)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"54.197.245.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748192/; classtype:trojan-activity;sid:84611292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748194)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"98.70.13.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748194/; classtype:trojan-activity;sid:84611294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748187)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"54.197.245.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748187/; classtype:trojan-activity;sid:84611287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748189)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"5.63.157.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748189/; classtype:trojan-activity;sid:84611289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748180)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.80.0.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748180/; classtype:trojan-activity;sid:84611280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748175)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"125.253.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748175/; classtype:trojan-activity;sid:84611275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748170)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"125.253.125.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748170/; classtype:trojan-activity;sid:84611270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748152)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748152/; classtype:trojan-activity;sid:84611252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748163)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"116.118.47.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748163/; classtype:trojan-activity;sid:84611263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748165)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"201.182.25.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748165/; classtype:trojan-activity;sid:84611265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748144)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"52.16.112.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748144/; classtype:trojan-activity;sid:84611244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748137)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"209.250.2.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748137/; classtype:trojan-activity;sid:84611237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748127)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"150.95.27.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748127/; classtype:trojan-activity;sid:84611227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748131)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"173.231.196.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748131/; classtype:trojan-activity;sid:84611231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748133)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"162.215.130.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748133/; classtype:trojan-activity;sid:84611233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748104)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"18.176.47.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748104/; classtype:trojan-activity;sid:84611204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748110)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"44.208.147.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748110/; classtype:trojan-activity;sid:84611210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748112)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"95.154.194.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748112/; classtype:trojan-activity;sid:84611212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748115)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"192.155.93.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748115/; classtype:trojan-activity;sid:84611215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748119)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"35.226.92.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748119/; classtype:trojan-activity;sid:84611219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748096)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"164.160.41.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748096/; classtype:trojan-activity;sid:84611196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748066)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"185.4.64.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748066/; classtype:trojan-activity;sid:84611166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748074)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"74.50.99.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748074/; classtype:trojan-activity;sid:84611174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3748092)"; flow:established,from_client; content:"GET"; http_method; content:"/"; http_uri; depth:1; isdataat:!1,relative; nocase; content:"148.113.205.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3748092/; classtype:trojan-activity;sid:84611192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747725)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747725/; classtype:trojan-activity;sid:84610825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747694)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747694/; classtype:trojan-activity;sid:84610794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747690)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.lnk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747690/; classtype:trojan-activity;sid:84610790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747685)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747685/; classtype:trojan-activity;sid:84610785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747686)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747686/; classtype:trojan-activity;sid:84610786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3747684)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.lnk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"58.182.146.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2026_01_01; reference:url, urlhaus.abuse.ch/url/3747684/; classtype:trojan-activity;sid:84610784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746867)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"124.123.26.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746867/; classtype:trojan-activity;sid:84609967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746316)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"ob.youstarsbuilding.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746316/; classtype:trojan-activity;sid:84609416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3746314)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_30; reference:url, urlhaus.abuse.ch/url/3746314/; classtype:trojan-activity;sid:84609414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745195)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745195/; classtype:trojan-activity;sid:84608295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745196)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745196/; classtype:trojan-activity;sid:84608296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745197)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745197/; classtype:trojan-activity;sid:84608297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745192)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745192/; classtype:trojan-activity;sid:84608292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3745193)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_28; reference:url, urlhaus.abuse.ch/url/3745193/; classtype:trojan-activity;sid:84608293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"50.217.49.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743475/; classtype:trojan-activity;sid:84606575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743457)"; flow:established,from_client; content:"GET"; http_method; content:"/c"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.89.247.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743457/; classtype:trojan-activity;sid:84606557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743405)"; flow:established,from_client; content:"GET"; http_method; content:"/sxp/i/522f8dbab717f669a06afa9122107971.js"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"euob.youstarsbuilding.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743405/; classtype:trojan-activity;sid:84606505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743354)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743354/; classtype:trojan-activity;sid:84606454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743323)"; flow:established,from_client; content:"GET"; http_method; content:"/files/plugins/sess1594985553/sessiontools/uvsodsae.msi"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743323/; classtype:trojan-activity;sid:84606423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743272)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743272/; classtype:trojan-activity;sid:84606372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3743271)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_25; reference:url, urlhaus.abuse.ch/url/3743271/; classtype:trojan-activity;sid:84606371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742020)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742020/; classtype:trojan-activity;sid:84605120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742013)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742013/; classtype:trojan-activity;sid:84605113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742007)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742007/; classtype:trojan-activity;sid:84605107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3742005)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3742005/; classtype:trojan-activity;sid:84605105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741991)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741991/; classtype:trojan-activity;sid:84605091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741975)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741975/; classtype:trojan-activity;sid:84605075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741976)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.83.186.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741976/; classtype:trojan-activity;sid:84605076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741974)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741974/; classtype:trojan-activity;sid:84605074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741972)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741972/; classtype:trojan-activity;sid:84605072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741971)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741971/; classtype:trojan-activity;sid:84605071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741968)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"106.54.220.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741968/; classtype:trojan-activity;sid:84605068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741967)"; flow:established,from_client; content:"GET"; http_method; content:"/20250809/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741967/; classtype:trojan-activity;sid:84605067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741965)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741965/; classtype:trojan-activity;sid:84605065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741962)"; flow:established,from_client; content:"GET"; http_method; content:"/20210408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741962/; classtype:trojan-activity;sid:84605062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741963)"; flow:established,from_client; content:"GET"; http_method; content:"/20250101/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741963/; classtype:trojan-activity;sid:84605063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741947)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741947/; classtype:trojan-activity;sid:84605047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741948)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741948/; classtype:trojan-activity;sid:84605048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741949)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741949/; classtype:trojan-activity;sid:84605049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741940)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.240.239.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_24; reference:url, urlhaus.abuse.ch/url/3741940/; classtype:trojan-activity;sid:84605040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.162.188.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741538/; classtype:trojan-activity;sid:84604638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.187.54.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741523/; classtype:trojan-activity;sid:84604623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741336)"; flow:established,from_client; content:"GET"; http_method; content:"/files/auhavkiq.msi"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"royalindiancurryclub.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741336/; classtype:trojan-activity;sid:84604436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741193/; classtype:trojan-activity;sid:84604293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741153)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741153/; classtype:trojan-activity;sid:84604253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741109)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741109/; classtype:trojan-activity;sid:84604209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741086/; classtype:trojan-activity;sid:84604186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741068)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741068/; classtype:trojan-activity;sid:84604168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741049/; classtype:trojan-activity;sid:84604149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741029)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.163.114.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741029/; classtype:trojan-activity;sid:84604129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741026)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741026/; classtype:trojan-activity;sid:84604126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3741024)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"124.230.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3741024/; classtype:trojan-activity;sid:84604124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740979)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740979/; classtype:trojan-activity;sid:84604079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3740945)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"152.230.111.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_23; reference:url, urlhaus.abuse.ch/url/3740945/; classtype:trojan-activity;sid:84604045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3739558)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/4thepool_miner.sh"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"31.57.109.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_21; reference:url, urlhaus.abuse.ch/url/3739558/; classtype:trojan-activity;sid:84602658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3738164)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.55.81.169"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_20; reference:url, urlhaus.abuse.ch/url/3738164/; classtype:trojan-activity;sid:84601264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736211)"; flow:established,from_client; content:"GET"; http_method; content:"/atom.xml"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hotelsep.blogspot.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736211/; classtype:trojan-activity;sid:84599311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3736212)"; flow:established,from_client; content:"GET"; http_method; content:"/nimper.pdf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.backupallfresh2030.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_18; reference:url, urlhaus.abuse.ch/url/3736212/; classtype:trojan-activity;sid:84599312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735070)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735070/; classtype:trojan-activity;sid:84598170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735054)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735054/; classtype:trojan-activity;sid:84598154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735048)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735048/; classtype:trojan-activity;sid:84598148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735049)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735049/; classtype:trojan-activity;sid:84598149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735042)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735042/; classtype:trojan-activity;sid:84598142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735040)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735040/; classtype:trojan-activity;sid:84598140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3735041)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.30.204.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_17; reference:url, urlhaus.abuse.ch/url/3735041/; classtype:trojan-activity;sid:84598141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734705)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.109.198.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734705/; classtype:trojan-activity;sid:84597805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3734700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.196.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_16; reference:url, urlhaus.abuse.ch/url/3734700/; classtype:trojan-activity;sid:84597800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733913)"; flow:established,from_client; content:"GET"; http_method; content:"/usr/uploads/file/202002/20200210195059_78353.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"zhigao5191.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733913/; classtype:trojan-activity;sid:84597013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733907)"; flow:established,from_client; content:"GET"; http_method; content:"/editor%e6%b1%89%e5%8c%96%e7%89%88.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"zycdjz.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733907/; classtype:trojan-activity;sid:84597007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.255.229.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733895/; classtype:trojan-activity;sid:84596995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733819)"; flow:established,from_client; content:"GET"; http_method; content:"/liljaber/am/raw/refs/heads/main/shellhost.exe"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_15; reference:url, urlhaus.abuse.ch/url/3733819/; classtype:trojan-activity;sid:84596919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.77.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_14; reference:url, urlhaus.abuse.ch/url/3733494/; classtype:trojan-activity;sid:84596594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3733042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.0.120.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_13; reference:url, urlhaus.abuse.ch/url/3733042/; classtype:trojan-activity;sid:84596142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732378)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.39.215.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732378/; classtype:trojan-activity;sid:84595478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732133)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bymyzter/eabackup.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732133/; classtype:trojan-activity;sid:84595233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3732129)"; flow:established,from_client; content:"GET"; http_method; content:"/eathena/tools/bybakausagi/spr_conview_v0.11.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"paradox924x.pages.dev"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_12; reference:url, urlhaus.abuse.ch/url/3732129/; classtype:trojan-activity;sid:84595229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731630)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/cr.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731630/; classtype:trojan-activity;sid:84594730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731351)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/v1d.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731351/; classtype:trojan-activity;sid:84594451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731347)"; flow:established,from_client; content:"GET"; http_method; content:"/modelo/c1i.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"joyeriatauro.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_12_11; reference:url, urlhaus.abuse.ch/url/3731347/; classtype:trojan-activity;sid:84594447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731286)"; flow:established,from_client; content:"GET"; http_method; content:"/nalleysh/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731286/; classtype:trojan-activity;sid:84594386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731287)"; flow:established,from_client; content:"GET"; http_method; content:"/el1nns/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731287/; classtype:trojan-activity;sid:84594387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731283)"; flow:established,from_client; content:"GET"; http_method; content:"/d3xxth/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731283/; classtype:trojan-activity;sid:84594383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731275)"; flow:established,from_client; content:"GET"; http_method; content:"/creyty1h/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731275/; classtype:trojan-activity;sid:84594375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731271)"; flow:established,from_client; content:"GET"; http_method; content:"/v1llenth/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731271/; classtype:trojan-activity;sid:84594371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731257)"; flow:established,from_client; content:"GET"; http_method; content:"/rayn1e/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731257/; classtype:trojan-activity;sid:84594357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731244)"; flow:established,from_client; content:"GET"; http_method; content:"/colleshake/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731244/; classtype:trojan-activity;sid:84594344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731243)"; flow:established,from_client; content:"GET"; http_method; content:"/arcellys/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731243/; classtype:trojan-activity;sid:84594343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731242)"; flow:established,from_client; content:"GET"; http_method; content:"/n1elcery/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731242/; classtype:trojan-activity;sid:84594342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731239)"; flow:established,from_client; content:"GET"; http_method; content:"/recctan1o/fivem-spoofer/raw/refs/heads/main/cfxbypass.exe"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731239/; classtype:trojan-activity;sid:84594339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731238)"; flow:established,from_client; content:"GET"; http_method; content:"/kesslyy27/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731238/; classtype:trojan-activity;sid:84594338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3731232)"; flow:established,from_client; content:"GET"; http_method; content:"/ssten1/temp-spoofer-lifetime/raw/refs/heads/main/tempspoofer.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3731232/; classtype:trojan-activity;sid:84594332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730787)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730787/; classtype:trojan-activity;sid:84593887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730785)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730785/; classtype:trojan-activity;sid:84593885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730754)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730754/; classtype:trojan-activity;sid:84593854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730727)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730727/; classtype:trojan-activity;sid:84593827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730681)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730681/; classtype:trojan-activity;sid:84593781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730669)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730669/; classtype:trojan-activity;sid:84593769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.187.227.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730651/; classtype:trojan-activity;sid:84593751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730605)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730605/; classtype:trojan-activity;sid:84593705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3730311)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xi3twfy4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_10; reference:url, urlhaus.abuse.ch/url/3730311/; classtype:trojan-activity;sid:84593411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.182.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_09; reference:url, urlhaus.abuse.ch/url/3729846/; classtype:trojan-activity;sid:84592946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729416)"; flow:established,from_client; content:"GET"; http_method; content:"/js/panel/uploads/optimized_msi.png"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"bvaco.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729416/; classtype:trojan-activity;sid:84592516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729248)"; flow:established,from_client; content:"GET"; http_method; content:"/static/clean/clean.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"static.youdm.cn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729248/; classtype:trojan-activity;sid:84592348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3729188)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"86.89.95.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_12_08; reference:url, urlhaus.abuse.ch/url/3729188/; classtype:trojan-activity;sid:84592288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3727342)"; flow:established,from_client; content:"GET"; http_method; content:"/01.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.32.169.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3727342/; classtype:trojan-activity;sid:84590442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726789)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.11.240.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_06; reference:url, urlhaus.abuse.ch/url/3726789/; classtype:trojan-activity;sid:84589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3726005)"; flow:established,from_client; content:"GET"; http_method; content:"/receipt_11_26_2025.msi"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"alineeleuterio.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_12_05; reference:url, urlhaus.abuse.ch/url/3726005/; classtype:trojan-activity;sid:84589105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725395)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"182.73.129.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725395/; classtype:trojan-activity;sid:84588495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725201)"; flow:established,from_client; content:"GET"; http_method; content:"/file/redmi%20ax3000/%e8%b7%af%e7%94%b1%e5%99%a8%e4%bf%ae%e5%a4%8d%e5%b7%a5%e5%85%b7/miwifirepairtool.x86.zip"; http_uri; depth:109; isdataat:!1,relative; nocase; content:"hzxcaq-github-io.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725201/; classtype:trojan-activity;sid:84588301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3725126)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3725126/; classtype:trojan-activity;sid:84588226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724888)"; flow:established,from_client; content:"GET"; http_method; content:"/gretech/promotion_sw/gomplayer/fastping_silent_v4.exe"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"cdn.gomlab.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724888/; classtype:trojan-activity;sid:84587988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/linux/linux.tar.gz"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724884/; classtype:trojan-activity;sid:84587984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/win/miner.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"miner.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_04; reference:url, urlhaus.abuse.ch/url/3724883/; classtype:trojan-activity;sid:84587983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724235)"; flow:established,from_client; content:"GET"; http_method; content:"/fecund.lpk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724235/; classtype:trojan-activity;sid:84587335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724236)"; flow:established,from_client; content:"GET"; http_method; content:"/hrcxpywfcshe8.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.mobimpex.ro"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724236/; classtype:trojan-activity;sid:84587336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724034)"; flow:established,from_client; content:"GET"; http_method; content:"/res/keditor/2019_11/3c7a829a_893c_4f02_a407_6b0918c321c2.rar"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"en.taichuan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724034/; classtype:trojan-activity;sid:84587134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3724008)"; flow:established,from_client; content:"GET"; http_method; content:"/krnl.lua.script.injector.v1.3.4.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"injectroblox.ru"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3724008/; classtype:trojan-activity;sid:84587108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3723880)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoftbs.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"120.48.115.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_12_03; reference:url, urlhaus.abuse.ch/url/3723880/; classtype:trojan-activity;sid:84586980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722913)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722913/; classtype:trojan-activity;sid:84586013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722915)"; flow:established,from_client; content:"GET"; http_method; content:"/fent.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"23.95.248.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_12_02; reference:url, urlhaus.abuse.ch/url/3722915/; classtype:trojan-activity;sid:84586015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3722069)"; flow:established,from_client; content:"GET"; http_method; content:"/app/top8bet.apk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"top8onlinegame.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_12_01; reference:url, urlhaus.abuse.ch/url/3722069/; classtype:trojan-activity;sid:84585169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721465)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"72.201.150.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721465/; classtype:trojan-activity;sid:84584565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3721052)"; flow:established,from_client; content:"GET"; http_method; content:"/download/%e5%a5%87%e5%a6%99%e5%8a%a0%e9%80%9f%e5%99%a8_2_10004379.exe/%c3%a5%c2%a5%c2%87%c3%a5%c2%a6%c2%99%c3%a5%c2%8a%c2%a0%c3%a9%c2%80%c2%9f%c3%a5%c2%99%c2%a8_2_10004379.exe/%c3%83%c2%a5%c3%82%c2%a5%c3%82%c2%87%c3%83%c2%a5%c3%82%c2%a6%c3%82%c2%99%c3%83%25...~311~...%ef%bf%bd%c3%82%c2%a8_2_10004379.exe"; http_uri; depth:305; isdataat:!1,relative; nocase; content:"pvsa.gxfugy.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_30; reference:url, urlhaus.abuse.ch/url/3721052/; classtype:trojan-activity;sid:84584152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720416)"; flow:established,from_client; content:"GET"; http_method; content:"/payment_receipt_11_28_2025.msi"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"vizyonuniversitesi.com.tr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720416/; classtype:trojan-activity;sid:84583516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720403)"; flow:established,from_client; content:"GET"; http_method; content:"/gmssetupx86.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185-55-196-13.cprapid.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720403/; classtype:trojan-activity;sid:84583503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720339)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720339/; classtype:trojan-activity;sid:84583439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720337)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720337/; classtype:trojan-activity;sid:84583437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720336)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720336/; classtype:trojan-activity;sid:84583436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720335)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720335/; classtype:trojan-activity;sid:84583435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720330)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720330/; classtype:trojan-activity;sid:84583430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720331)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720331/; classtype:trojan-activity;sid:84583431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720332)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720332/; classtype:trojan-activity;sid:84583432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720333)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720333/; classtype:trojan-activity;sid:84583433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720334)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720334/; classtype:trojan-activity;sid:84583434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720329)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720329/; classtype:trojan-activity;sid:84583429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720327)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720327/; classtype:trojan-activity;sid:84583427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720328)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720328/; classtype:trojan-activity;sid:84583428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720042)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720042/; classtype:trojan-activity;sid:84583142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3720037)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3720037/; classtype:trojan-activity;sid:84583137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3719973)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.0.222.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_29; reference:url, urlhaus.abuse.ch/url/3719973/; classtype:trojan-activity;sid:84583073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718843)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"82.66.224.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_28; reference:url, urlhaus.abuse.ch/url/3718843/; classtype:trojan-activity;sid:84581943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3718114)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"47.86.33.195"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3718114/; classtype:trojan-activity;sid:84581214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717880)"; flow:established,from_client; content:"GET"; http_method; content:"/newwfs/support/customfont.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"upaicdn.xinmei365.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717880/; classtype:trojan-activity;sid:84580980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717867)"; flow:established,from_client; content:"GET"; http_method; content:"/download/adan/utils/mudtime.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"paccbet.pages.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717867/; classtype:trojan-activity;sid:84580967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3717692)"; flow:established,from_client; content:"GET"; http_method; content:"/safe/setup_smart.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"dl.ijinshan.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_27; reference:url, urlhaus.abuse.ch/url/3717692/; classtype:trojan-activity;sid:84580792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716961)"; flow:established,from_client; content:"GET"; http_method; content:"/krzysztofadamczewski/nanocore-rat/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:78; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716961/; classtype:trojan-activity;sid:84580061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716962)"; flow:established,from_client; content:"GET"; http_method; content:"/pafh99/nanocore-rat-2/raw/refs/heads/master/nanocore_portable.exe"; http_uri; depth:66; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_26; reference:url, urlhaus.abuse.ch/url/3716962/; classtype:trojan-activity;sid:84580062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716299)"; flow:established,from_client; content:"GET"; http_method; content:"/clientbin/dowonline.installer.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"dowonline.ru"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716299/; classtype:trojan-activity;sid:84579399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716290)"; flow:established,from_client; content:"GET"; http_method; content:"/baixar/suporte%20winxp-7-8.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"compuserviceonline.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716290/; classtype:trojan-activity;sid:84579390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3716195)"; flow:established,from_client; content:"GET"; http_method; content:"/application/workspace/15/15d4031688cbb71def72a06cf15d7fa1/installer_%e6%99%ba%e8%83%bd%e7%bf%bb%e8%af%91%e5%ae%98_r1.7.9.exe"; http_uri; depth:125; isdataat:!1,relative; nocase; content:"download2.huduntech.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_25; reference:url, urlhaus.abuse.ch/url/3716195/; classtype:trojan-activity;sid:84579295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715638)"; flow:established,from_client; content:"GET"; http_method; content:"/37/cqsj/official/37cqsj.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d.wanyouxi7.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715638/; classtype:trojan-activity;sid:84578738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715587)"; flow:established,from_client; content:"GET"; http_method; content:"/elc/filesave/setupfile/edmslaunchersetup.exe"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"lcportal.kbinsure.co.kr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715587/; classtype:trojan-activity;sid:84578687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715579)"; flow:established,from_client; content:"GET"; http_method; content:"/dropfix"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cdn.novoline.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_24; reference:url, urlhaus.abuse.ch/url/3715579/; classtype:trojan-activity;sid:84578679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3715175)"; flow:established,from_client; content:"GET"; http_method; content:"/fo-wsftp605.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"landonirwin.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3715175/; classtype:trojan-activity;sid:84578275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714635)"; flow:established,from_client; content:"GET"; http_method; content:"/app/linux.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"prepstarcenter.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2025_11_23; reference:url, urlhaus.abuse.ch/url/3714635/; classtype:trojan-activity;sid:84577735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714116)"; flow:established,from_client; content:"GET"; http_method; content:"/wizvera/delfino/down/delfino-g3-sha2.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"www.hwgeneralins.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714116/; classtype:trojan-activity;sid:84577216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3714095)"; flow:established,from_client; content:"GET"; http_method; content:"/k1_351.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"app.appzcvb.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3714095/; classtype:trojan-activity;sid:84577195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713850)"; flow:established,from_client; content:"GET"; http_method; content:"/cleaner"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"gutando.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_22; reference:url, urlhaus.abuse.ch/url/3713850/; classtype:trojan-activity;sid:84576950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713493)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.190.74.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713493/; classtype:trojan-activity;sid:84576593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713469)"; flow:established,from_client; content:"GET"; http_method; content:"/stage1.ps1"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713469/; classtype:trojan-activity;sid:84576569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713470)"; flow:established,from_client; content:"GET"; http_method; content:"/amsibypass.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fb6390d5.infinityindians.pages.dev"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713470/; classtype:trojan-activity;sid:84576570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3713467)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bexitor%20installer.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"matthewsigmondv5.pages.dev"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_21; reference:url, urlhaus.abuse.ch/url/3713467/; classtype:trojan-activity;sid:84576567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712904)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"43.156.63.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712904/; classtype:trojan-activity;sid:84576004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712862)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"syn-096-011-145-107.biz.spectrum.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712862/; classtype:trojan-activity;sid:84575962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712861)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"syn-096-011-145-107.biz.spectrum.com"; http_host; depth:36; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712861/; classtype:trojan-activity;sid:84575961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712796)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712796/; classtype:trojan-activity;sid:84575896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712795)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712795/; classtype:trojan-activity;sid:84575895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712793)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712793/; classtype:trojan-activity;sid:84575893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712794)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712794/; classtype:trojan-activity;sid:84575894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712791)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.scr"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712791/; classtype:trojan-activity;sid:84575891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712792)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712792/; classtype:trojan-activity;sid:84575892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712790)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712790/; classtype:trojan-activity;sid:84575890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712787)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/av.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712787/; classtype:trojan-activity;sid:84575887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712788)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712788/; classtype:trojan-activity;sid:84575888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712789)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/photo.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712789/; classtype:trojan-activity;sid:84575889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712785)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/mom/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712785/; classtype:trojan-activity;sid:84575885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712786)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/rachel/video.lnk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"27.125.169.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712786/; classtype:trojan-activity;sid:84575886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712393)"; flow:established,from_client; content:"GET"; http_method; content:"/d/gof.com.my/gz2v8w/y0qt8nphhv1v"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"smartermail.host"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_11_20; reference:url, urlhaus.abuse.ch/url/3712393/; classtype:trojan-activity;sid:84575493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3712017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/horioninjector.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"horion-static.pages.dev"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3712017/; classtype:trojan-activity;sid:84575117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711792)"; flow:established,from_client; content:"GET"; http_method; content:"/bog.apk"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bombayonline.in"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_19; reference:url, urlhaus.abuse.ch/url/3711792/; classtype:trojan-activity;sid:84574892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711282)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.236.149.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711282/; classtype:trojan-activity;sid:84574382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711278)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"47.121.137.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711278/; classtype:trojan-activity;sid:84574378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3711212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.154.90.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3711212/; classtype:trojan-activity;sid:84574312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710993)"; flow:established,from_client; content:"GET"; http_method; content:"/sfyhmsqlexrtjetiqydog74.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710993/; classtype:trojan-activity;sid:84574093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710988)"; flow:established,from_client; content:"GET"; http_method; content:"/brkopsluth.emz"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dexios.co.za"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_18; reference:url, urlhaus.abuse.ch/url/3710988/; classtype:trojan-activity;sid:84574088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710498)"; flow:established,from_client; content:"GET"; http_method; content:"/auo1.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a-gwo.pages.dev"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710498/; classtype:trojan-activity;sid:84573598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/screenconnect.clientsetup.msi"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"rheddh.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710456/; classtype:trojan-activity;sid:84573556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-19/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710416/; classtype:trojan-activity;sid:84573516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710412)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_42625_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710412/; classtype:trojan-activity;sid:84573512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-29/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710404/; classtype:trojan-activity;sid:84573504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710402)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71024_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710402/; classtype:trojan-activity;sid:84573502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710394)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710394/; classtype:trojan-activity;sid:84573494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710388/; classtype:trojan-activity;sid:84573488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-04-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710390/; classtype:trojan-activity;sid:84573490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-10-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710385/; classtype:trojan-activity;sid:84573485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710383/; classtype:trojan-activity;sid:84573483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-05-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710380/; classtype:trojan-activity;sid:84573480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-02-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710370/; classtype:trojan-activity;sid:84573470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710371/; classtype:trojan-activity;sid:84573471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710374/; classtype:trojan-activity;sid:84573474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710362/; classtype:trojan-activity;sid:84573462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710355)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_42425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710355/; classtype:trojan-activity;sid:84573455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-06-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710351/; classtype:trojan-activity;sid:84573451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710352)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_41724_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710352/; classtype:trojan-activity;sid:84573452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-07-05/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710353/; classtype:trojan-activity;sid:84573453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710350)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61324_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710350/; classtype:trojan-activity;sid:84573450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2023-02-01/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710340/; classtype:trojan-activity;sid:84573440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710341)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-07-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710341/; classtype:trojan-activity;sid:84573441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710343/; classtype:trojan-activity;sid:84573443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710334)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710334/; classtype:trojan-activity;sid:84573434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-11/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710323/; classtype:trojan-activity;sid:84573423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-22/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710327/; classtype:trojan-activity;sid:84573427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710315)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_3925_mahal-node2/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710315/; classtype:trojan-activity;sid:84573415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710316/; classtype:trojan-activity;sid:84573416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-12-23/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710318/; classtype:trojan-activity;sid:84573418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710319)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710319/; classtype:trojan-activity;sid:84573419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-05-02/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710311/; classtype:trojan-activity;sid:84573411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710312)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710312/; classtype:trojan-activity;sid:84573412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-12-14/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710313/; classtype:trojan-activity;sid:84573413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710309)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_32824_mahal-server/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710309/; classtype:trojan-activity;sid:84573409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2020-01-28/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710306/; classtype:trojan-activity;sid:84573406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-26/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710293/; classtype:trojan-activity;sid:84573393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-10-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710285/; classtype:trojan-activity;sid:84573385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-21/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710287/; classtype:trojan-activity;sid:84573387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-18/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710288/; classtype:trojan-activity;sid:84573388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-07-22/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710289/; classtype:trojan-activity;sid:84573389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710290/; classtype:trojan-activity;sid:84573390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/2021-05-20/info.zip"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710291/; classtype:trojan-activity;sid:84573391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-06-20/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710284/; classtype:trojan-activity;sid:84573384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710207)"; flow:established,from_client; content:"GET"; http_method; content:"/offlinepackv4.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"dl.360safe.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_17; reference:url, urlhaus.abuse.ch/url/3710207/; classtype:trojan-activity;sid:84573307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710011)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/raw/refs/heads/main/execute"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710011/; classtype:trojan-activity;sid:84573111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3710010)"; flow:established,from_client; content:"GET"; http_method; content:"/soulclientwtf/lnk/refs/heads/main/execute"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_11_16; reference:url, urlhaus.abuse.ch/url/3710010/; classtype:trojan-activity;sid:84573110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709309/; classtype:trojan-activity;sid:84572409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-05-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709306/; classtype:trojan-activity;sid:84572406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709292/; classtype:trojan-activity;sid:84572392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709293/; classtype:trojan-activity;sid:84572393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709294/; classtype:trojan-activity;sid:84572394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-10-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709295/; classtype:trojan-activity;sid:84572395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709296/; classtype:trojan-activity;sid:84572396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-23/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709298/; classtype:trojan-activity;sid:84572398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709299/; classtype:trojan-activity;sid:84572399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709300/; classtype:trojan-activity;sid:84572400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709301/; classtype:trojan-activity;sid:84572401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-10-20/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709302/; classtype:trojan-activity;sid:84572402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709303/; classtype:trojan-activity;sid:84572403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-05-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709304/; classtype:trojan-activity;sid:84572404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709305/; classtype:trojan-activity;sid:84572405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709288/; classtype:trojan-activity;sid:84572388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709290/; classtype:trojan-activity;sid:84572390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-26/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709291/; classtype:trojan-activity;sid:84572391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709272/; classtype:trojan-activity;sid:84572372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709273/; classtype:trojan-activity;sid:84572373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709274/; classtype:trojan-activity;sid:84572374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-04-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709275/; classtype:trojan-activity;sid:84572375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709276/; classtype:trojan-activity;sid:84572376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709277/; classtype:trojan-activity;sid:84572377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709278/; classtype:trojan-activity;sid:84572378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-06-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709280/; classtype:trojan-activity;sid:84572380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709281/; classtype:trojan-activity;sid:84572381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709284/; classtype:trojan-activity;sid:84572384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709285/; classtype:trojan-activity;sid:84572385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709286/; classtype:trojan-activity;sid:84572386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-10-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709287/; classtype:trojan-activity;sid:84572387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709269)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82624_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709269/; classtype:trojan-activity;sid:84572369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709270/; classtype:trojan-activity;sid:84572370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-10/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709271/; classtype:trojan-activity;sid:84572371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709267)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709267/; classtype:trojan-activity;sid:84572367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-01-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709255/; classtype:trojan-activity;sid:84572355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709256/; classtype:trojan-activity;sid:84572356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709257/; classtype:trojan-activity;sid:84572357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709258/; classtype:trojan-activity;sid:84572358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709259/; classtype:trojan-activity;sid:84572359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709261/; classtype:trojan-activity;sid:84572361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709262/; classtype:trojan-activity;sid:84572362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-08-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709263/; classtype:trojan-activity;sid:84572363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-05-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709264/; classtype:trojan-activity;sid:84572364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-03/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709248/; classtype:trojan-activity;sid:84572348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-08-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709249/; classtype:trojan-activity;sid:84572349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709250/; classtype:trojan-activity;sid:84572350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709251/; classtype:trojan-activity;sid:84572351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709252/; classtype:trojan-activity;sid:84572352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709253/; classtype:trojan-activity;sid:84572353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709254)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709254/; classtype:trojan-activity;sid:84572354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709244/; classtype:trojan-activity;sid:84572344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709245/; classtype:trojan-activity;sid:84572345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-09-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709246/; classtype:trojan-activity;sid:84572346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-01-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709247/; classtype:trojan-activity;sid:84572347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709240/; classtype:trojan-activity;sid:84572340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709241/; classtype:trojan-activity;sid:84572341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709242/; classtype:trojan-activity;sid:84572342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709239/; classtype:trojan-activity;sid:84572339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-11-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709234/; classtype:trojan-activity;sid:84572334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709235/; classtype:trojan-activity;sid:84572335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709236/; classtype:trojan-activity;sid:84572336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709237/; classtype:trojan-activity;sid:84572337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709238/; classtype:trojan-activity;sid:84572338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709228)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-01-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709228/; classtype:trojan-activity;sid:84572328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709229/; classtype:trojan-activity;sid:84572329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-07-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709230/; classtype:trojan-activity;sid:84572330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709231/; classtype:trojan-activity;sid:84572331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709232/; classtype:trojan-activity;sid:84572332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-09-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709233/; classtype:trojan-activity;sid:84572333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2019-07-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709220/; classtype:trojan-activity;sid:84572320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-03-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709221/; classtype:trojan-activity;sid:84572321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709222/; classtype:trojan-activity;sid:84572322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709223/; classtype:trojan-activity;sid:84572323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709224)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709224/; classtype:trojan-activity;sid:84572324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-03-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709225/; classtype:trojan-activity;sid:84572325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709227)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-03-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709227/; classtype:trojan-activity;sid:84572327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709218)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709218/; classtype:trojan-activity;sid:84572318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709219/; classtype:trojan-activity;sid:84572319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709217/; classtype:trojan-activity;sid:84572317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709213/; classtype:trojan-activity;sid:84572313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709214/; classtype:trojan-activity;sid:84572314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709209/; classtype:trojan-activity;sid:84572309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709210/; classtype:trojan-activity;sid:84572310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709211/; classtype:trojan-activity;sid:84572311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709212)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709212/; classtype:trojan-activity;sid:84572312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2022-03-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709201/; classtype:trojan-activity;sid:84572301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709202)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709202/; classtype:trojan-activity;sid:84572302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709203/; classtype:trojan-activity;sid:84572303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2020-10-12/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709204/; classtype:trojan-activity;sid:84572304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709205/; classtype:trojan-activity;sid:84572305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-03-02/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709206/; classtype:trojan-activity;sid:84572306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-02-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709207/; classtype:trojan-activity;sid:84572307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-04-04/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709193/; classtype:trojan-activity;sid:84572293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709194/; classtype:trojan-activity;sid:84572294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-05-01/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709195/; classtype:trojan-activity;sid:84572295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-05-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709196/; classtype:trojan-activity;sid:84572296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709197/; classtype:trojan-activity;sid:84572297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709199)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-11/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709199/; classtype:trojan-activity;sid:84572299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709200/; classtype:trojan-activity;sid:84572300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2020-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709192/; classtype:trojan-activity;sid:84572292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709190/; classtype:trojan-activity;sid:84572290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-11-28/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709191/; classtype:trojan-activity;sid:84572291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709186/; classtype:trojan-activity;sid:84572286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-10-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709187/; classtype:trojan-activity;sid:84572287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709188/; classtype:trojan-activity;sid:84572288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2025-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709175/; classtype:trojan-activity;sid:84572275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709176/; classtype:trojan-activity;sid:84572276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709177/; classtype:trojan-activity;sid:84572277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-09-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709178/; classtype:trojan-activity;sid:84572278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709179/; classtype:trojan-activity;sid:84572279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-09-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709180/; classtype:trojan-activity;sid:84572280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709181/; classtype:trojan-activity;sid:84572281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709182/; classtype:trojan-activity;sid:84572282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709184/; classtype:trojan-activity;sid:84572284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709185/; classtype:trojan-activity;sid:84572285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709165/; classtype:trojan-activity;sid:84572265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-07-04/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709166/; classtype:trojan-activity;sid:84572266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000162/2024-01-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709167/; classtype:trojan-activity;sid:84572267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2022-01-27/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709168/; classtype:trojan-activity;sid:84572268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709169/; classtype:trojan-activity;sid:84572269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709170/; classtype:trojan-activity;sid:84572270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709171/; classtype:trojan-activity;sid:84572271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-15/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709172/; classtype:trojan-activity;sid:84572272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709173/; classtype:trojan-activity;sid:84572273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-08-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709161/; classtype:trojan-activity;sid:84572261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709162/; classtype:trojan-activity;sid:84572262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-01-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709159/; classtype:trojan-activity;sid:84572259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-07-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709158/; classtype:trojan-activity;sid:84572258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000758/2022-03-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709152/; classtype:trojan-activity;sid:84572252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-10-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709153/; classtype:trojan-activity;sid:84572253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2024-01-24/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709154/; classtype:trojan-activity;sid:84572254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709155/; classtype:trojan-activity;sid:84572255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709156/; classtype:trojan-activity;sid:84572256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2023-08-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709157/; classtype:trojan-activity;sid:84572257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709143/; classtype:trojan-activity;sid:84572243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709144/; classtype:trojan-activity;sid:84572244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709145/; classtype:trojan-activity;sid:84572245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-07-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709147/; classtype:trojan-activity;sid:84572247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-05-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709148/; classtype:trojan-activity;sid:84572248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709149/; classtype:trojan-activity;sid:84572249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709150/; classtype:trojan-activity;sid:84572250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-05-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709151/; classtype:trojan-activity;sid:84572251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709140/; classtype:trojan-activity;sid:84572240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709141/; classtype:trojan-activity;sid:84572241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-08-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709139/; classtype:trojan-activity;sid:84572239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709138/; classtype:trojan-activity;sid:84572238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709130/; classtype:trojan-activity;sid:84572230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709131/; classtype:trojan-activity;sid:84572231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2019-05-31/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709132/; classtype:trojan-activity;sid:84572232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709133/; classtype:trojan-activity;sid:84572233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-27/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709135/; classtype:trojan-activity;sid:84572235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709136/; classtype:trojan-activity;sid:84572236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709128/; classtype:trojan-activity;sid:84572228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709112/; classtype:trojan-activity;sid:84572212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709113/; classtype:trojan-activity;sid:84572213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709114/; classtype:trojan-activity;sid:84572214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709115/; classtype:trojan-activity;sid:84572215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709116/; classtype:trojan-activity;sid:84572216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709117/; classtype:trojan-activity;sid:84572217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-25/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709118/; classtype:trojan-activity;sid:84572218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709119/; classtype:trojan-activity;sid:84572219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709120/; classtype:trojan-activity;sid:84572220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-08-16/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709121/; classtype:trojan-activity;sid:84572221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709122)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_92825_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709122/; classtype:trojan-activity;sid:84572222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709123/; classtype:trojan-activity;sid:84572223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-06-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709124/; classtype:trojan-activity;sid:84572224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709126/; classtype:trojan-activity;sid:84572226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709109/; classtype:trojan-activity;sid:84572209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-06-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709111/; classtype:trojan-activity;sid:84572211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709104/; classtype:trojan-activity;sid:84572204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2024-12-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709105/; classtype:trojan-activity;sid:84572205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-08-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709107/; classtype:trojan-activity;sid:84572207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709108/; classtype:trojan-activity;sid:84572208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709102)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_51125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709102/; classtype:trojan-activity;sid:84572202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-09-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709103/; classtype:trojan-activity;sid:84572203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-10-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709096/; classtype:trojan-activity;sid:84572196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709097/; classtype:trojan-activity;sid:84572197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-31/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709098/; classtype:trojan-activity;sid:84572198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709099/; classtype:trojan-activity;sid:84572199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-07-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709100/; classtype:trojan-activity;sid:84572200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000324/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709101/; classtype:trojan-activity;sid:84572201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709088/; classtype:trojan-activity;sid:84572188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709089/; classtype:trojan-activity;sid:84572189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-11-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709090/; classtype:trojan-activity;sid:84572190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709091/; classtype:trojan-activity;sid:84572191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-01-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709092/; classtype:trojan-activity;sid:84572192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2022-10-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709093/; classtype:trojan-activity;sid:84572193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709078/; classtype:trojan-activity;sid:84572178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2024-09-27/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709079/; classtype:trojan-activity;sid:84572179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2024-09-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709080/; classtype:trojan-activity;sid:84572180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-09-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709081/; classtype:trojan-activity;sid:84572181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709083/; classtype:trojan-activity;sid:84572183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709084/; classtype:trojan-activity;sid:84572184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709085/; classtype:trojan-activity;sid:84572185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709086/; classtype:trojan-activity;sid:84572186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709087/; classtype:trojan-activity;sid:84572187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-05-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709075/; classtype:trojan-activity;sid:84572175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-01-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709076/; classtype:trojan-activity;sid:84572176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-05-30/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709077/; classtype:trojan-activity;sid:84572177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2023-06-24/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709054/; classtype:trojan-activity;sid:84572154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-05-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709055/; classtype:trojan-activity;sid:84572155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2019-09-26/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709056/; classtype:trojan-activity;sid:84572156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-06-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709057/; classtype:trojan-activity;sid:84572157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709058/; classtype:trojan-activity;sid:84572158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-07-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709059/; classtype:trojan-activity;sid:84572159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-20/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709060/; classtype:trojan-activity;sid:84572160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2021-02-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709061/; classtype:trojan-activity;sid:84572161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-07-17/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709062/; classtype:trojan-activity;sid:84572162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-07-15/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709063/; classtype:trojan-activity;sid:84572163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2022-10-05/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709064/; classtype:trojan-activity;sid:84572164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-06-01/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709065/; classtype:trojan-activity;sid:84572165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2020-11-02/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709066/; classtype:trojan-activity;sid:84572166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-18/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709067/; classtype:trojan-activity;sid:84572167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-03-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709068/; classtype:trojan-activity;sid:84572168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-01-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709069/; classtype:trojan-activity;sid:84572169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2020-07-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709070/; classtype:trojan-activity;sid:84572170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709072)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-09-29/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709072/; classtype:trojan-activity;sid:84572172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-11-18/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709042/; classtype:trojan-activity;sid:84572142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-09-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709043/; classtype:trojan-activity;sid:84572143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-09-17/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709044/; classtype:trojan-activity;sid:84572144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-04-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709045/; classtype:trojan-activity;sid:84572145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000677/2019-03-20/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709046/; classtype:trojan-activity;sid:84572146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-06-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709047/; classtype:trojan-activity;sid:84572147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709048/; classtype:trojan-activity;sid:84572148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-10-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709049/; classtype:trojan-activity;sid:84572149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000910/2023-06-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709050/; classtype:trojan-activity;sid:84572150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-03-17/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709051/; classtype:trojan-activity;sid:84572151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2022-11-06/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709052/; classtype:trojan-activity;sid:84572152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3709053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos%20autom%c3%a1ticos/2024-04-05/info.zip"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_15; reference:url, urlhaus.abuse.ch/url/3709053/; classtype:trojan-activity;sid:84572153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.143.158.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708476/; classtype:trojan-activity;sid:84571576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3708402)"; flow:established,from_client; content:"GET"; http_method; content:"/ourzz.wav"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"clubdetiroelpicarcho.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3708402/; classtype:trojan-activity;sid:84571502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707810)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82224_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707810/; classtype:trojan-activity;sid:84570910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707697)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707697/; classtype:trojan-activity;sid:84570797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3707699)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2019/04/pieletjf_vm.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"theoremaoliveoil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_11_14; reference:url, urlhaus.abuse.ch/url/3707699/; classtype:trojan-activity;sid:84570799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704600)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704600/; classtype:trojan-activity;sid:84567700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704602)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.216.139.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704602/; classtype:trojan-activity;sid:84567702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.208.202.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704561/; classtype:trojan-activity;sid:84567661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704523)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.247.101.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704523/; classtype:trojan-activity;sid:84567623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704282)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704282/; classtype:trojan-activity;sid:84567382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704281)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21625_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704281/; classtype:trojan-activity;sid:84567381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704279)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12424_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704279/; classtype:trojan-activity;sid:84567379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704280)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22025_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704280/; classtype:trojan-activity;sid:84567380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704276)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22225_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704276/; classtype:trojan-activity;sid:84567376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704277)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_12525_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704277/; classtype:trojan-activity;sid:84567377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704275)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_22225_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704275/; classtype:trojan-activity;sid:84567375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704246)"; flow:established,from_client; content:"GET"; http_method; content:"/haozip/haozip_v6.5.2.11245.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"dl.2345.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704246/; classtype:trojan-activity;sid:84567346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3704158)"; flow:established,from_client; content:"GET"; http_method; content:"/leinchchanceleinch/jik/raw/refs/heads/main/dev.msi"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_11_13; reference:url, urlhaus.abuse.ch/url/3704158/; classtype:trojan-activity;sid:84567258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703801)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703801/; classtype:trojan-activity;sid:84566901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703784)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101424_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703784/; classtype:trojan-activity;sid:84566884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703785)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10325_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703785/; classtype:trojan-activity;sid:84566885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703777)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703777/; classtype:trojan-activity;sid:84566877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703778)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102624_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703778/; classtype:trojan-activity;sid:84566878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703767)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61924_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703767/; classtype:trojan-activity;sid:84566867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703764)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703764/; classtype:trojan-activity;sid:84566864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703763)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_61424_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703763/; classtype:trojan-activity;sid:84566863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703759)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_82325_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703759/; classtype:trojan-activity;sid:84566859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703760)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_11125_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703760/; classtype:trojan-activity;sid:84566860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703748)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_21025_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703748/; classtype:trojan-activity;sid:84566848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703749)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_6424_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703749/; classtype:trojan-activity;sid:84566849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703756)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_71824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703756/; classtype:trojan-activity;sid:84566856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703743)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_62124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703743/; classtype:trojan-activity;sid:84566843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703744)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_112724_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703744/; classtype:trojan-activity;sid:84566844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703745)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101124_mahal-server/info.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703745/; classtype:trojan-activity;sid:84566845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703737)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_91824_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703737/; classtype:trojan-activity;sid:84566837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703738)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10824_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703738/; classtype:trojan-activity;sid:84566838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703734)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_101824_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703734/; classtype:trojan-activity;sid:84566834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703735)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_9924_mahal-node1/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703735/; classtype:trojan-activity;sid:84566835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703736)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_52324_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703736/; classtype:trojan-activity;sid:84566836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703731)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703731/; classtype:trojan-activity;sid:84566831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703728)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node2/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703728/; classtype:trojan-activity;sid:84566828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703729)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_122624_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_12; reference:url, urlhaus.abuse.ch/url/3703729/; classtype:trojan-activity;sid:84566829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703175)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703175/; classtype:trojan-activity;sid:84566275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703171)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/info.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703171/; classtype:trojan-activity;sid:84566271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703166)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/exportimages_42425_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703166/; classtype:trojan-activity;sid:84566266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703167)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_102124_mahal-node1/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703167/; classtype:trojan-activity;sid:84566267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703163)"; flow:established,from_client; content:"GET"; http_method; content:"/prodimg/exportimages_42425_mahal-node2/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703163/; classtype:trojan-activity;sid:84566263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703164)"; flow:established,from_client; content:"GET"; http_method; content:"/outward/exportimages_10124_mahal-node1/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703164/; classtype:trojan-activity;sid:84566264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3703165)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.219.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3703165/; classtype:trojan-activity;sid:84566265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702746)"; flow:established,from_client; content:"GET"; http_method; content:"/dersnotlari/02/sora.jpg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.notbak.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_11; reference:url, urlhaus.abuse.ch/url/3702746/; classtype:trojan-activity;sid:84565846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702204)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702204/; classtype:trojan-activity;sid:84565304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702202)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702202/; classtype:trojan-activity;sid:84565302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702201)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702201/; classtype:trojan-activity;sid:84565301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702199)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702199/; classtype:trojan-activity;sid:84565299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702178)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702178/; classtype:trojan-activity;sid:84565278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702166)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702166/; classtype:trojan-activity;sid:84565266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702161)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702161/; classtype:trojan-activity;sid:84565261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702156)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702156/; classtype:trojan-activity;sid:84565256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702157)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702157/; classtype:trojan-activity;sid:84565257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702158)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702158/; classtype:trojan-activity;sid:84565258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702152)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702152/; classtype:trojan-activity;sid:84565252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702147)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702147/; classtype:trojan-activity;sid:84565247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702142)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702142/; classtype:trojan-activity;sid:84565242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702143)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702143/; classtype:trojan-activity;sid:84565243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702134)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702134/; classtype:trojan-activity;sid:84565234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702135)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702135/; classtype:trojan-activity;sid:84565235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702136)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702136/; classtype:trojan-activity;sid:84565236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702130)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702130/; classtype:trojan-activity;sid:84565230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702131)"; flow:established,from_client; content:"GET"; http_method; content:"/20250416/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702131/; classtype:trojan-activity;sid:84565231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702132)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702132/; classtype:trojan-activity;sid:84565232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702127)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702127/; classtype:trojan-activity;sid:84565227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702128)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702128/; classtype:trojan-activity;sid:84565228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702122)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702122/; classtype:trojan-activity;sid:84565222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702123)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702123/; classtype:trojan-activity;sid:84565223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702121)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702121/; classtype:trojan-activity;sid:84565221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702119)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702119/; classtype:trojan-activity;sid:84565219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702115)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702115/; classtype:trojan-activity;sid:84565215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702105)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702105/; classtype:trojan-activity;sid:84565205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702102)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702102/; classtype:trojan-activity;sid:84565202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3702103)"; flow:established,from_client; content:"GET"; http_method; content:"/20220623/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3702103/; classtype:trojan-activity;sid:84565203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701934)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701934/; classtype:trojan-activity;sid:84565034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701924)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701924/; classtype:trojan-activity;sid:84565024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701905)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701905/; classtype:trojan-activity;sid:84565005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701906)"; flow:established,from_client; content:"GET"; http_method; content:"/20180102/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_10; reference:url, urlhaus.abuse.ch/url/3701906/; classtype:trojan-activity;sid:84565006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701320)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701320/; classtype:trojan-activity;sid:84564420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3701203)"; flow:established,from_client; content:"GET"; http_method; content:"/scoto.jpb"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_09; reference:url, urlhaus.abuse.ch/url/3701203/; classtype:trojan-activity;sid:84564303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700663)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"139.196.111.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700663/; classtype:trojan-activity;sid:84563763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700329)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700329/; classtype:trojan-activity;sid:84563429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700276/; classtype:trojan-activity;sid:84563376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700268)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700268/; classtype:trojan-activity;sid:84563368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700199)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700199/; classtype:trojan-activity;sid:84563299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700187)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700187/; classtype:trojan-activity;sid:84563287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700112)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700112/; classtype:trojan-activity;sid:84563212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3700015)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3700015/; classtype:trojan-activity;sid:84563115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699997)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699997/; classtype:trojan-activity;sid:84563097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699967)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"119.91.141.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699967/; classtype:trojan-activity;sid:84563067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699839)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699839/; classtype:trojan-activity;sid:84562939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699812)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699812/; classtype:trojan-activity;sid:84562912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699768)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699768/; classtype:trojan-activity;sid:84562868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699681)"; flow:established,from_client; content:"GET"; http_method; content:"/tinh_cuoc_xe/2025/thanh%20ti%c3%aan/info.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"103.226.249.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699681/; classtype:trojan-activity;sid:84562781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699651)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699651/; classtype:trojan-activity;sid:84562751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699578)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"190.196.38.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699578/; classtype:trojan-activity;sid:84562678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699459)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699459/; classtype:trojan-activity;sid:84562559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699462)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699462/; classtype:trojan-activity;sid:84562562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3699428)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"163.53.178.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_11_08; reference:url, urlhaus.abuse.ch/url/3699428/; classtype:trojan-activity;sid:84562528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698699)"; flow:established,from_client; content:"GET"; http_method; content:"/reprofo.mso"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_07; reference:url, urlhaus.abuse.ch/url/3698699/; classtype:trojan-activity;sid:84561799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698418)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"83.229.126.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698418/; classtype:trojan-activity;sid:84561518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698410)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"59.110.28.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698410/; classtype:trojan-activity;sid:84561510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.250.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698400/; classtype:trojan-activity;sid:84561500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698365)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.241.74.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698365/; classtype:trojan-activity;sid:84561465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698078)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698078/; classtype:trojan-activity;sid:84561178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698077)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698077/; classtype:trojan-activity;sid:84561177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698067)"; flow:established,from_client; content:"GET"; http_method; content:"/20230517/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698067/; classtype:trojan-activity;sid:84561167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698070)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698070/; classtype:trojan-activity;sid:84561170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698062)"; flow:established,from_client; content:"GET"; http_method; content:"/20250210/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698062/; classtype:trojan-activity;sid:84561162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698059)"; flow:established,from_client; content:"GET"; http_method; content:"/20140730/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698059/; classtype:trojan-activity;sid:84561159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698057)"; flow:established,from_client; content:"GET"; http_method; content:"/20250309/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698057/; classtype:trojan-activity;sid:84561157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3698058)"; flow:established,from_client; content:"GET"; http_method; content:"/20240113/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3698058/; classtype:trojan-activity;sid:84561158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697910)"; flow:established,from_client; content:"GET"; http_method; content:"/zddtxxyxb.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697910/; classtype:trojan-activity;sid:84561010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697909)"; flow:established,from_client; content:"GET"; http_method; content:"/i24.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697909/; classtype:trojan-activity;sid:84561009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697908)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697908/; classtype:trojan-activity;sid:84561008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697907)"; flow:established,from_client; content:"GET"; http_method; content:"/eznoted2b1405e.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697907/; classtype:trojan-activity;sid:84561007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697906)"; flow:established,from_client; content:"GET"; http_method; content:"/without_hook.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697906/; classtype:trojan-activity;sid:84561006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697870)"; flow:established,from_client; content:"GET"; http_method; content:"/husk.py"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"101.35.56.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697870/; classtype:trojan-activity;sid:84560970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697816)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697816/; classtype:trojan-activity;sid:84560916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697809)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.158.34.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697809/; classtype:trojan-activity;sid:84560909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697791)"; flow:established,from_client; content:"GET"; http_method; content:"/tran.dsp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697791/; classtype:trojan-activity;sid:84560891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697789)"; flow:established,from_client; content:"GET"; http_method; content:"/aibkp63.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"www.jozefinskiatelje.si"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_11_06; reference:url, urlhaus.abuse.ch/url/3697789/; classtype:trojan-activity;sid:84560889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3697097)"; flow:established,from_client; content:"GET"; http_method; content:"/stb/retev.php|3f|bl=qtuvl0pcseglafunszpre008.txt"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vcc-library.uk"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3697097/; classtype:trojan-activity;sid:84560197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696992)"; flow:established,from_client; content:"GET"; http_method; content:"/a1l4m/2e771fb306028fabfc8e098427181f78/raw/37f3db6b29d64f1045fb60967d6297f525ddf443/iamthedanger.txt"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"gist.githubusercontent.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2025_11_05; reference:url, urlhaus.abuse.ch/url/3696992/; classtype:trojan-activity;sid:84560092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696132)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696132/; classtype:trojan-activity;sid:84559232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696133)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696133/; classtype:trojan-activity;sid:84559233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696129)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696129/; classtype:trojan-activity;sid:84559229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696114)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696114/; classtype:trojan-activity;sid:84559214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696096)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696096/; classtype:trojan-activity;sid:84559196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696086)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696086/; classtype:trojan-activity;sid:84559186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696082)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696082/; classtype:trojan-activity;sid:84559182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696066)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696066/; classtype:trojan-activity;sid:84559166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696043)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"144.2.111.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696043/; classtype:trojan-activity;sid:84559143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696026)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696026/; classtype:trojan-activity;sid:84559126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696003)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696003/; classtype:trojan-activity;sid:84559103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3696004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3696004/; classtype:trojan-activity;sid:84559104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695955)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695955/; classtype:trojan-activity;sid:84559055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695952)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695952/; classtype:trojan-activity;sid:84559052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695948)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695948/; classtype:trojan-activity;sid:84559048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695937)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.143.253.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695937/; classtype:trojan-activity;sid:84559037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695923)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695923/; classtype:trojan-activity;sid:84559023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695920)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695920/; classtype:trojan-activity;sid:84559020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695898/; classtype:trojan-activity;sid:84558998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695884)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695884/; classtype:trojan-activity;sid:84558984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695869)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695869/; classtype:trojan-activity;sid:84558969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695875)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.94.199.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695875/; classtype:trojan-activity;sid:84558975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695854)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695854/; classtype:trojan-activity;sid:84558954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695827)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695827/; classtype:trojan-activity;sid:84558927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695830)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"63.47.210.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_04; reference:url, urlhaus.abuse.ch/url/3695830/; classtype:trojan-activity;sid:84558930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.227.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695114/; classtype:trojan-activity;sid:84558214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3695080)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"88.86.246.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_11_03; reference:url, urlhaus.abuse.ch/url/3695080/; classtype:trojan-activity;sid:84558180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691444)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691444/; classtype:trojan-activity;sid:84554544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3691440)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.186.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_30; reference:url, urlhaus.abuse.ch/url/3691440/; classtype:trojan-activity;sid:84554540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3690703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.87.37.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_29; reference:url, urlhaus.abuse.ch/url/3690703/; classtype:trojan-activity;sid:84553803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689713)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"8.137.149.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689713/; classtype:trojan-activity;sid:84552813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3689700)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.197.62.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_28; reference:url, urlhaus.abuse.ch/url/3689700/; classtype:trojan-activity;sid:84552800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688692)"; flow:established,from_client; content:"GET"; http_method; content:"/xmr.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688692/; classtype:trojan-activity;sid:84551792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688690)"; flow:established,from_client; content:"GET"; http_method; content:"/newtpp.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688690/; classtype:trojan-activity;sid:84551790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688658)"; flow:established,from_client; content:"GET"; http_method; content:"/1"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688658/; classtype:trojan-activity;sid:84551758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688659)"; flow:established,from_client; content:"GET"; http_method; content:"/32.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688659/; classtype:trojan-activity;sid:84551759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3688660)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.16.54.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_27; reference:url, urlhaus.abuse.ch/url/3688660/; classtype:trojan-activity;sid:84551760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687916)"; flow:established,from_client; content:"GET"; http_method; content:"/y6m2uw0dgi.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"filerit.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687916/; classtype:trojan-activity;sid:84551016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687914)"; flow:established,from_client; content:"GET"; http_method; content:"/4aa9fqc792.ps1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pub-bfc34934a91a4893817098f73415917a.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687914/; classtype:trojan-activity;sid:84551014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3687753)"; flow:established,from_client; content:"GET"; http_method; content:"/zibll001/ffff/refs/heads/main/web.sh"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2025_10_26; reference:url, urlhaus.abuse.ch/url/3687753/; classtype:trojan-activity;sid:84550853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3685141)"; flow:established,from_client; content:"GET"; http_method; content:"/var/albums/etkinlikler/toplanti/2013/soran.jpg.jpeg"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"galeri3.arkitera.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2025_10_24; reference:url, urlhaus.abuse.ch/url/3685141/; classtype:trojan-activity;sid:84548241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684806)"; flow:established,from_client; content:"GET"; http_method; content:"/zoom/windows/download.php"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"khoancatbetong89.vn"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684806/; classtype:trojan-activity;sid:84547906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684352)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/photo.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684352/; classtype:trojan-activity;sid:84547452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684353)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684353/; classtype:trojan-activity;sid:84547453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684354)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684354/; classtype:trojan-activity;sid:84547454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684347)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684347/; classtype:trojan-activity;sid:84547447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684348)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/av.scr"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684348/; classtype:trojan-activity;sid:84547448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684349)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684349/; classtype:trojan-activity;sid:84547449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684350)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/video.scr"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684350/; classtype:trojan-activity;sid:84547450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684351)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684351/; classtype:trojan-activity;sid:84547451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3684345)"; flow:established,from_client; content:"GET"; http_method; content:"/sda1/upg/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"218.212.2.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_23; reference:url, urlhaus.abuse.ch/url/3684345/; classtype:trojan-activity;sid:84547445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683975/; classtype:trojan-activity;sid:84547075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683567)"; flow:established,from_client; content:"GET"; http_method; content:"/onastroll-2000f5n/5vcye/releases/download/v1.2/launcher.zip"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_22; reference:url, urlhaus.abuse.ch/url/3683567/; classtype:trojan-activity;sid:84546667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683253)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w64|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683253/; classtype:trojan-activity;sid:84546353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683254)"; flow:established,from_client; content:"GET"; http_method; content:"/|3f|h=107.173.101.114|7c|26|7c|p=10000|7c|26|7c|t=tcp|7c|26|7c|a=w32|7c|26|7c|stage=true"; http_uri; depth:89; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683254/; classtype:trojan-activity;sid:84546354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3683250)"; flow:established,from_client; content:"GET"; http_method; content:"/swt"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"107.173.101.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_21; reference:url, urlhaus.abuse.ch/url/3683250/; classtype:trojan-activity;sid:84546350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682316)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682316/; classtype:trojan-activity;sid:84545416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3682317)"; flow:established,from_client; content:"GET"; http_method; content:"/wheatw.pfm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"tehnomag.rs"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_20; reference:url, urlhaus.abuse.ch/url/3682317/; classtype:trojan-activity;sid:84545417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3681048)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3681048/; classtype:trojan-activity;sid:84544148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3680322)"; flow:established,from_client; content:"GET"; http_method; content:"/new/x64-setup.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"tapestryoftruth.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2025_10_18; reference:url, urlhaus.abuse.ch/url/3680322/; classtype:trojan-activity;sid:84543422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678940)"; flow:established,from_client; content:"GET"; http_method; content:"/prefiction.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.sgeseducation.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_15; reference:url, urlhaus.abuse.ch/url/3678940/; classtype:trojan-activity;sid:84542040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3678006)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.153.93.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3678006/; classtype:trojan-activity;sid:84541106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3677521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_14; reference:url, urlhaus.abuse.ch/url/3677521/; classtype:trojan-activity;sid:84540621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3671070)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"68.64.176.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_13; reference:url, urlhaus.abuse.ch/url/3671070/; classtype:trojan-activity;sid:84534170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.248.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669939/; classtype:trojan-activity;sid:84533039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3669896)"; flow:established,from_client; content:"GET"; http_method; content:"/wordpress/wp-content/build.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"serasoo.direct.quickconnect.to"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2025_10_12; reference:url, urlhaus.abuse.ch/url/3669896/; classtype:trojan-activity;sid:84532996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668647)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.24.0/xmrig-6.24.0-windows-x64.zip"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668647/; classtype:trojan-activity;sid:84531747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3668586)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"apn-87-251-249-41.static.gprs.plus.pl"; http_host; depth:37; isdataat:!1,relative; metadata:created_at 2025_10_11; reference:url, urlhaus.abuse.ch/url/3668586/; classtype:trojan-activity;sid:84531686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667589/; classtype:trojan-activity;sid:84530689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667586)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667586/; classtype:trojan-activity;sid:84530686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667588)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667588/; classtype:trojan-activity;sid:84530688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667585)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667585/; classtype:trojan-activity;sid:84530685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667584)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667584/; classtype:trojan-activity;sid:84530684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667582)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667582/; classtype:trojan-activity;sid:84530682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3667583)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.red-81-42-249.staticip.rima-tde.net"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2025_10_10; reference:url, urlhaus.abuse.ch/url/3667583/; classtype:trojan-activity;sid:84530683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666095/; classtype:trojan-activity;sid:84529195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3666091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3666091/; classtype:trojan-activity;sid:84529191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665807)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665807/; classtype:trojan-activity;sid:84528907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665805)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665805/; classtype:trojan-activity;sid:84528905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665801/; classtype:trojan-activity;sid:84528901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665802)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665802/; classtype:trojan-activity;sid:84528902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.76.156.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665803/; classtype:trojan-activity;sid:84528903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665799/; classtype:trojan-activity;sid:84528899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665796/; classtype:trojan-activity;sid:84528896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665788)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665788/; classtype:trojan-activity;sid:84528888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665779)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.144.208.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665779/; classtype:trojan-activity;sid:84528879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665767)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665767/; classtype:trojan-activity;sid:84528867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665760)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.91.88.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665760/; classtype:trojan-activity;sid:84528860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665747)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.53.15.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665747/; classtype:trojan-activity;sid:84528847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665742)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.103.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665742/; classtype:trojan-activity;sid:84528842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665733)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.26.174.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665733/; classtype:trojan-activity;sid:84528833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665715)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"126.23.203.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665715/; classtype:trojan-activity;sid:84528815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665712)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665712/; classtype:trojan-activity;sid:84528812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665709)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665709/; classtype:trojan-activity;sid:84528809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665699/; classtype:trojan-activity;sid:84528799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665692)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665692/; classtype:trojan-activity;sid:84528792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665677/; classtype:trojan-activity;sid:84528777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665674)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"155.2.213.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665674/; classtype:trojan-activity;sid:84528774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"61.160.215.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665671/; classtype:trojan-activity;sid:84528771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665669)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665669/; classtype:trojan-activity;sid:84528769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665664)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665664/; classtype:trojan-activity;sid:84528764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665656)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"130.185.193.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665656/; classtype:trojan-activity;sid:84528756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665611)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.227.140.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665611/; classtype:trojan-activity;sid:84528711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665612)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.147.155.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665612/; classtype:trojan-activity;sid:84528712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3665613)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.133.96.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_09; reference:url, urlhaus.abuse.ch/url/3665613/; classtype:trojan-activity;sid:84528713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3664885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"120.79.192.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_08; reference:url, urlhaus.abuse.ch/url/3664885/; classtype:trojan-activity;sid:84527985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662908)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662908/; classtype:trojan-activity;sid:84526008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3662805)"; flow:established,from_client; content:"GET"; http_method; content:"/asmroyal/cd4/releases/download/cd4/cd4.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3662805/; classtype:trojan-activity;sid:84525905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3661435)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afutsiefohaia02gkfjdbgn-kk91hksb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_07; reference:url, urlhaus.abuse.ch/url/3661435/; classtype:trojan-activity;sid:84524535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660738)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660738/; classtype:trojan-activity;sid:84523838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660696)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660696/; classtype:trojan-activity;sid:84523796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660690)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660690/; classtype:trojan-activity;sid:84523790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660688)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660688/; classtype:trojan-activity;sid:84523788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660680)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660680/; classtype:trojan-activity;sid:84523780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660679)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660679/; classtype:trojan-activity;sid:84523779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660677)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660677/; classtype:trojan-activity;sid:84523777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660676)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660676/; classtype:trojan-activity;sid:84523776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660675)"; flow:established,from_client; content:"GET"; http_method; content:"/19000101/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660675/; classtype:trojan-activity;sid:84523775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660674)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660674/; classtype:trojan-activity;sid:84523774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660672)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660672/; classtype:trojan-activity;sid:84523772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660671)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660671/; classtype:trojan-activity;sid:84523771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660670)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660670/; classtype:trojan-activity;sid:84523770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660668)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660668/; classtype:trojan-activity;sid:84523768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660669)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660669/; classtype:trojan-activity;sid:84523769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660665)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660665/; classtype:trojan-activity;sid:84523765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660666)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660666/; classtype:trojan-activity;sid:84523766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660663)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660663/; classtype:trojan-activity;sid:84523763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660664)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660664/; classtype:trojan-activity;sid:84523764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660660)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660660/; classtype:trojan-activity;sid:84523760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660659)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660659/; classtype:trojan-activity;sid:84523759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660657)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660657/; classtype:trojan-activity;sid:84523757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660658)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660658/; classtype:trojan-activity;sid:84523758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660655/; classtype:trojan-activity;sid:84523755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660656)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660656/; classtype:trojan-activity;sid:84523756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660654)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660654/; classtype:trojan-activity;sid:84523754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660652)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660652/; classtype:trojan-activity;sid:84523752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660653)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660653/; classtype:trojan-activity;sid:84523753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660647)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660647/; classtype:trojan-activity;sid:84523747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660648)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660648/; classtype:trojan-activity;sid:84523748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660649)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660649/; classtype:trojan-activity;sid:84523749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660644)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/av.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660644/; classtype:trojan-activity;sid:84523744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660642)"; flow:established,from_client; content:"GET"; http_method; content:"/r-02-radiole/photo.scr"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660642/; classtype:trojan-activity;sid:84523742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660641)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660641/; classtype:trojan-activity;sid:84523741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660640)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660640/; classtype:trojan-activity;sid:84523740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660639)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660639/; classtype:trojan-activity;sid:84523739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660638)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660638/; classtype:trojan-activity;sid:84523738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660637)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660637/; classtype:trojan-activity;sid:84523737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660636)"; flow:established,from_client; content:"GET"; http_method; content:"/20220801/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660636/; classtype:trojan-activity;sid:84523736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660635)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660635/; classtype:trojan-activity;sid:84523735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660633)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660633/; classtype:trojan-activity;sid:84523733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660631)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660631/; classtype:trojan-activity;sid:84523731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660630)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660630/; classtype:trojan-activity;sid:84523730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660629)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660629/; classtype:trojan-activity;sid:84523729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660627)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660627/; classtype:trojan-activity;sid:84523727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660626)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660626/; classtype:trojan-activity;sid:84523726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660625)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660625/; classtype:trojan-activity;sid:84523725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660624)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660624/; classtype:trojan-activity;sid:84523724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660622)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660622/; classtype:trojan-activity;sid:84523722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660623)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660623/; classtype:trojan-activity;sid:84523723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660621)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660621/; classtype:trojan-activity;sid:84523721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660620)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660620/; classtype:trojan-activity;sid:84523720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660619)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660619/; classtype:trojan-activity;sid:84523719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660618)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660618/; classtype:trojan-activity;sid:84523718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660615)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660615/; classtype:trojan-activity;sid:84523715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660616)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660616/; classtype:trojan-activity;sid:84523716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660614)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660614/; classtype:trojan-activity;sid:84523714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660612)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660612/; classtype:trojan-activity;sid:84523712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660613)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660613/; classtype:trojan-activity;sid:84523713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660611)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660611/; classtype:trojan-activity;sid:84523711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660608)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660608/; classtype:trojan-activity;sid:84523708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660607)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660607/; classtype:trojan-activity;sid:84523707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660605)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660605/; classtype:trojan-activity;sid:84523705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660603)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660603/; classtype:trojan-activity;sid:84523703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660600)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660600/; classtype:trojan-activity;sid:84523700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660599)"; flow:established,from_client; content:"GET"; http_method; content:"/20250302/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660599/; classtype:trojan-activity;sid:84523699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660596)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660596/; classtype:trojan-activity;sid:84523696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660595)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660595/; classtype:trojan-activity;sid:84523695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660594)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660594/; classtype:trojan-activity;sid:84523694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660592)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660592/; classtype:trojan-activity;sid:84523692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660593)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660593/; classtype:trojan-activity;sid:84523693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660590)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660590/; classtype:trojan-activity;sid:84523690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660591)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660591/; classtype:trojan-activity;sid:84523691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660587)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660587/; classtype:trojan-activity;sid:84523687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660588)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660588/; classtype:trojan-activity;sid:84523688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660589)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660589/; classtype:trojan-activity;sid:84523689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660585)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660585/; classtype:trojan-activity;sid:84523685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660583)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660583/; classtype:trojan-activity;sid:84523683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660584)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660584/; classtype:trojan-activity;sid:84523684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660581)"; flow:established,from_client; content:"GET"; http_method; content:"/20250726/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660581/; classtype:trojan-activity;sid:84523681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660582)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660582/; classtype:trojan-activity;sid:84523682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660580)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.scr"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660580/; classtype:trojan-activity;sid:84523680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660577)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660577/; classtype:trojan-activity;sid:84523677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660575)"; flow:established,from_client; content:"GET"; http_method; content:"/20250703/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660575/; classtype:trojan-activity;sid:84523675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660576)"; flow:established,from_client; content:"GET"; http_method; content:"/20210118/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660576/; classtype:trojan-activity;sid:84523676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660573)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660573/; classtype:trojan-activity;sid:84523673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660574)"; flow:established,from_client; content:"GET"; http_method; content:"/20250724/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660574/; classtype:trojan-activity;sid:84523674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660571)"; flow:established,from_client; content:"GET"; http_method; content:"/20250615/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660571/; classtype:trojan-activity;sid:84523671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660569)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660569/; classtype:trojan-activity;sid:84523669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660570)"; flow:established,from_client; content:"GET"; http_method; content:"/20250621/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660570/; classtype:trojan-activity;sid:84523670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660568)"; flow:established,from_client; content:"GET"; http_method; content:"/20250725/video.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660568/; classtype:trojan-activity;sid:84523668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660563)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660563/; classtype:trojan-activity;sid:84523663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660564)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660564/; classtype:trojan-activity;sid:84523664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660566)"; flow:established,from_client; content:"GET"; http_method; content:"/20221020/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660566/; classtype:trojan-activity;sid:84523666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660559)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660559/; classtype:trojan-activity;sid:84523659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660560)"; flow:established,from_client; content:"GET"; http_method; content:"/20250721/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660560/; classtype:trojan-activity;sid:84523660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660561)"; flow:established,from_client; content:"GET"; http_method; content:"/20250708/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660561/; classtype:trojan-activity;sid:84523661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660558)"; flow:established,from_client; content:"GET"; http_method; content:"/20230507/photo.scr"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660558/; classtype:trojan-activity;sid:84523658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660552)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660552/; classtype:trojan-activity;sid:84523652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660553)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660553/; classtype:trojan-activity;sid:84523653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660554)"; flow:established,from_client; content:"GET"; http_method; content:"/20250713/photo.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660554/; classtype:trojan-activity;sid:84523654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660555)"; flow:established,from_client; content:"GET"; http_method; content:"/20250722/av.lnk"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660555/; classtype:trojan-activity;sid:84523655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660556)"; flow:established,from_client; content:"GET"; http_method; content:"/20250408/video.lnk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"111.59.254.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660556/; classtype:trojan-activity;sid:84523656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660536)"; flow:established,from_client; content:"GET"; http_method; content:"/pathdata/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660536/; classtype:trojan-activity;sid:84523636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660537)"; flow:established,from_client; content:"GET"; http_method; content:"/sxs/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"110.227.197.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660537/; classtype:trojan-activity;sid:84523637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660538)"; flow:established,from_client; content:"GET"; http_method; content:"/user/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"113.57.8.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660538/; classtype:trojan-activity;sid:84523638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660513)"; flow:established,from_client; content:"GET"; http_method; content:"/02.08.2022.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.92.43.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660513/; classtype:trojan-activity;sid:84523613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.25.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660470/; classtype:trojan-activity;sid:84523570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660332)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660332/; classtype:trojan-activity;sid:84523432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660331)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660331/; classtype:trojan-activity;sid:84523431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660329)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660329/; classtype:trojan-activity;sid:84523429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660328)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660328/; classtype:trojan-activity;sid:84523428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3660327)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"81.42.249.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3660327/; classtype:trojan-activity;sid:84523427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659836)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659836/; classtype:trojan-activity;sid:84522936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659835)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659835/; classtype:trojan-activity;sid:84522935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659834)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659834/; classtype:trojan-activity;sid:84522934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659833)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659833/; classtype:trojan-activity;sid:84522933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659808)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659808/; classtype:trojan-activity;sid:84522908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659801)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.77.51.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659801/; classtype:trojan-activity;sid:84522901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659802)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"104.187.164.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659802/; classtype:trojan-activity;sid:84522902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659796)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659796/; classtype:trojan-activity;sid:84522896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659797)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.82.169.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659797/; classtype:trojan-activity;sid:84522897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659779)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659779/; classtype:trojan-activity;sid:84522879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659782)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.77.52.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_06; reference:url, urlhaus.abuse.ch/url/3659782/; classtype:trojan-activity;sid:84522882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659722)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"runds.duckdns.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659722/; classtype:trojan-activity;sid:84522822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3659720)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"respaldo2.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3659720/; classtype:trojan-activity;sid:84522820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2025-01-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658970/; classtype:trojan-activity;sid:84522070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-10-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658962/; classtype:trojan-activity;sid:84522062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-09-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658957/; classtype:trojan-activity;sid:84522057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000136/2021-11-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658954/; classtype:trojan-activity;sid:84522054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-07-30/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658903/; classtype:trojan-activity;sid:84522003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2023-11-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658778/; classtype:trojan-activity;sid:84521878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/situa%c3%a7%c3%a3o/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658670/; classtype:trojan-activity;sid:84521770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-03-10/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658610/; classtype:trojan-activity;sid:84521710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-03-04/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658568/; classtype:trojan-activity;sid:84521668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-07-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658555/; classtype:trojan-activity;sid:84521655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-11-12/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658470/; classtype:trojan-activity;sid:84521570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2020-12-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658437/; classtype:trojan-activity;sid:84521537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2022-04-22/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658282/; classtype:trojan-activity;sid:84521382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2023-11-09/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658247/; classtype:trojan-activity;sid:84521347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2019-12-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658173/; classtype:trojan-activity;sid:84521273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000640/2022-04-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658159/; classtype:trojan-activity;sid:84521259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000721/2021-10-21/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658106/; classtype:trojan-activity;sid:84521206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2023-12-25/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658091/; classtype:trojan-activity;sid:84521191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2024-04-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658087/; classtype:trojan-activity;sid:84521187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3658061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000596/2021-08-28/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3658061/; classtype:trojan-activity;sid:84521161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657585)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657585/; classtype:trojan-activity;sid:84520685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657586)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657586/; classtype:trojan-activity;sid:84520686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657584)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener1.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_05; reference:url, urlhaus.abuse.ch/url/3657584/; classtype:trojan-activity;sid:84520684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657239)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener.vbs"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657239/; classtype:trojan-activity;sid:84520339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657237)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener1.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657237/; classtype:trojan-activity;sid:84520337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3657238)"; flow:established,from_client; content:"GET"; http_method; content:"/proceso.vbs"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"exclusionremcoss.duckdns.org"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3657238/; classtype:trojan-activity;sid:84520338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656729)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656729/; classtype:trojan-activity;sid:84519829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656728)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656728/; classtype:trojan-activity;sid:84519828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656727)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656727/; classtype:trojan-activity;sid:84519827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656726)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656726/; classtype:trojan-activity;sid:84519826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656720)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656720/; classtype:trojan-activity;sid:84519820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656717)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656717/; classtype:trojan-activity;sid:84519817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656718/; classtype:trojan-activity;sid:84519818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656708)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656708/; classtype:trojan-activity;sid:84519808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656709)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656709/; classtype:trojan-activity;sid:84519809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656710)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656710/; classtype:trojan-activity;sid:84519810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656707/; classtype:trojan-activity;sid:84519807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656704)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656704/; classtype:trojan-activity;sid:84519804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656702)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656702/; classtype:trojan-activity;sid:84519802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656701)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656701/; classtype:trojan-activity;sid:84519801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656696)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656696/; classtype:trojan-activity;sid:84519796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656693)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656693/; classtype:trojan-activity;sid:84519793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656689)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656689/; classtype:trojan-activity;sid:84519789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656692)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"217.115.212.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656692/; classtype:trojan-activity;sid:84519792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656677)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656677/; classtype:trojan-activity;sid:84519777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656671)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656671/; classtype:trojan-activity;sid:84519771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656672)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656672/; classtype:trojan-activity;sid:84519772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656666)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"180.76.153.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656666/; classtype:trojan-activity;sid:84519766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656667)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656667/; classtype:trojan-activity;sid:84519767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656665)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656665/; classtype:trojan-activity;sid:84519765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656662)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656662/; classtype:trojan-activity;sid:84519762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656663/; classtype:trojan-activity;sid:84519763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656661/; classtype:trojan-activity;sid:84519761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656658)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656658/; classtype:trojan-activity;sid:84519758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656652)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656652/; classtype:trojan-activity;sid:84519752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656654)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656654/; classtype:trojan-activity;sid:84519754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656648)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656648/; classtype:trojan-activity;sid:84519748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656646)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.226.135.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656646/; classtype:trojan-activity;sid:84519746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656638)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656638/; classtype:trojan-activity;sid:84519738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656639)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656639/; classtype:trojan-activity;sid:84519739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656640/; classtype:trojan-activity;sid:84519740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656634)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656634/; classtype:trojan-activity;sid:84519734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656635)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656635/; classtype:trojan-activity;sid:84519735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656636)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.224.70.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656636/; classtype:trojan-activity;sid:84519736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656632)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656632/; classtype:trojan-activity;sid:84519732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656630)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656630/; classtype:trojan-activity;sid:84519730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656627)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656627/; classtype:trojan-activity;sid:84519727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656628)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656628/; classtype:trojan-activity;sid:84519728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656621)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656621/; classtype:trojan-activity;sid:84519721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656611)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656611/; classtype:trojan-activity;sid:84519711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656607)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656607/; classtype:trojan-activity;sid:84519707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656608)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656608/; classtype:trojan-activity;sid:84519708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656609)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656609/; classtype:trojan-activity;sid:84519709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656601)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.206.139.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656601/; classtype:trojan-activity;sid:84519701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656602)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656602/; classtype:trojan-activity;sid:84519702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656594)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.148.33.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656594/; classtype:trojan-activity;sid:84519694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656595)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656595/; classtype:trojan-activity;sid:84519695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656581)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656581/; classtype:trojan-activity;sid:84519681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656584)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.170.8.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656584/; classtype:trojan-activity;sid:84519684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656577)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.214.0.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656577/; classtype:trojan-activity;sid:84519677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656574)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.130.209.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656574/; classtype:trojan-activity;sid:84519674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656572)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656572/; classtype:trojan-activity;sid:84519672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656569)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656569/; classtype:trojan-activity;sid:84519669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656566)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.118.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656566/; classtype:trojan-activity;sid:84519666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656563)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"90.8.145.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656563/; classtype:trojan-activity;sid:84519663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656552)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656552/; classtype:trojan-activity;sid:84519652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.240.211.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656555/; classtype:trojan-activity;sid:84519655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656503/; classtype:trojan-activity;sid:84519603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656456/; classtype:trojan-activity;sid:84519556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656398/; classtype:trojan-activity;sid:84519498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656154)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656154/; classtype:trojan-activity;sid:84519254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656140)"; flow:established,from_client; content:"GET"; http_method; content:"/christian%20cg17042021%20xpanel.c3prj/info.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656140/; classtype:trojan-activity;sid:84519240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656061/; classtype:trojan-activity;sid:84519161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656060/; classtype:trojan-activity;sid:84519160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656059)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656059/; classtype:trojan-activity;sid:84519159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656056/; classtype:trojan-activity;sid:84519156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656057/; classtype:trojan-activity;sid:84519157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656054/; classtype:trojan-activity;sid:84519154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656050)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656050/; classtype:trojan-activity;sid:84519150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656047)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656047/; classtype:trojan-activity;sid:84519147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656037/; classtype:trojan-activity;sid:84519137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656038)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656038/; classtype:trojan-activity;sid:84519138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656030/; classtype:trojan-activity;sid:84519130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656021)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656021/; classtype:trojan-activity;sid:84519121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656019/; classtype:trojan-activity;sid:84519119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3656007)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3656007/; classtype:trojan-activity;sid:84519107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655977)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655977/; classtype:trojan-activity;sid:84519077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-12-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655975/; classtype:trojan-activity;sid:84519075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655973)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.43.45.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655973/; classtype:trojan-activity;sid:84519073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655969)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655969/; classtype:trojan-activity;sid:84519069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655970)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655970/; classtype:trojan-activity;sid:84519070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655908)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655908/; classtype:trojan-activity;sid:84519008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655903)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655903/; classtype:trojan-activity;sid:84519003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655896)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655896/; classtype:trojan-activity;sid:84518996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655889)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655889/; classtype:trojan-activity;sid:84518989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655887/; classtype:trojan-activity;sid:84518987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655881/; classtype:trojan-activity;sid:84518981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655880/; classtype:trojan-activity;sid:84518980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655875)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655875/; classtype:trojan-activity;sid:84518975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655867/; classtype:trojan-activity;sid:84518967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655860/; classtype:trojan-activity;sid:84518960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655859)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655859/; classtype:trojan-activity;sid:84518959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655851)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655851/; classtype:trojan-activity;sid:84518951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655844/; classtype:trojan-activity;sid:84518944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655845/; classtype:trojan-activity;sid:84518945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655838/; classtype:trojan-activity;sid:84518938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655839)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655839/; classtype:trojan-activity;sid:84518939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655834)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655834/; classtype:trojan-activity;sid:84518934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655825)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655825/; classtype:trojan-activity;sid:84518925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655824/; classtype:trojan-activity;sid:84518924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655806/; classtype:trojan-activity;sid:84518906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-01-31/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655803/; classtype:trojan-activity;sid:84518903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655801/; classtype:trojan-activity;sid:84518901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655799)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655799/; classtype:trojan-activity;sid:84518899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655797/; classtype:trojan-activity;sid:84518897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655792)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655792/; classtype:trojan-activity;sid:84518892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655791/; classtype:trojan-activity;sid:84518891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-02/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655787/; classtype:trojan-activity;sid:84518887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655784)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655784/; classtype:trojan-activity;sid:84518884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655782/; classtype:trojan-activity;sid:84518882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655783)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655783/; classtype:trojan-activity;sid:84518883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655781)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655781/; classtype:trojan-activity;sid:84518881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655775/; classtype:trojan-activity;sid:84518875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655774)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655774/; classtype:trojan-activity;sid:84518874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655768/; classtype:trojan-activity;sid:84518868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655766/; classtype:trojan-activity;sid:84518866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655763)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655763/; classtype:trojan-activity;sid:84518863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655761/; classtype:trojan-activity;sid:84518861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655757)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655757/; classtype:trojan-activity;sid:84518857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655754/; classtype:trojan-activity;sid:84518854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655755)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655755/; classtype:trojan-activity;sid:84518855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655753/; classtype:trojan-activity;sid:84518853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655751)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655751/; classtype:trojan-activity;sid:84518851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655748)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655748/; classtype:trojan-activity;sid:84518848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655743)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655743/; classtype:trojan-activity;sid:84518843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655745)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655745/; classtype:trojan-activity;sid:84518845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655731)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655731/; classtype:trojan-activity;sid:84518831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655730)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655730/; classtype:trojan-activity;sid:84518830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655718)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655718/; classtype:trojan-activity;sid:84518818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655717/; classtype:trojan-activity;sid:84518817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655714)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655714/; classtype:trojan-activity;sid:84518814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-12-01/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655712/; classtype:trojan-activity;sid:84518812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655699)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655699/; classtype:trojan-activity;sid:84518799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655701)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655701/; classtype:trojan-activity;sid:84518801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655703)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655703/; classtype:trojan-activity;sid:84518803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655696)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655696/; classtype:trojan-activity;sid:84518796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655697)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655697/; classtype:trojan-activity;sid:84518797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655662/; classtype:trojan-activity;sid:84518762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655665)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655665/; classtype:trojan-activity;sid:84518765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655654)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655654/; classtype:trojan-activity;sid:84518754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655649)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655649/; classtype:trojan-activity;sid:84518749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655646/; classtype:trojan-activity;sid:84518746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655631)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655631/; classtype:trojan-activity;sid:84518731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655596)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655596/; classtype:trojan-activity;sid:84518696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655593)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655593/; classtype:trojan-activity;sid:84518693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655594)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655594/; classtype:trojan-activity;sid:84518694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655590)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655590/; classtype:trojan-activity;sid:84518690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-29/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655586/; classtype:trojan-activity;sid:84518686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655572)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655572/; classtype:trojan-activity;sid:84518672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655562)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655562/; classtype:trojan-activity;sid:84518662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655560)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655560/; classtype:trojan-activity;sid:84518660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655557)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655557/; classtype:trojan-activity;sid:84518657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655559)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655559/; classtype:trojan-activity;sid:84518659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655553)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655553/; classtype:trojan-activity;sid:84518653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655535)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655535/; classtype:trojan-activity;sid:84518635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655518)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655518/; classtype:trojan-activity;sid:84518618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-22/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655510/; classtype:trojan-activity;sid:84518610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655507)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655507/; classtype:trojan-activity;sid:84518607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-08-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655503/; classtype:trojan-activity;sid:84518603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655501)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655501/; classtype:trojan-activity;sid:84518601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655495)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655495/; classtype:trojan-activity;sid:84518595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655493)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655493/; classtype:trojan-activity;sid:84518593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655479)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655479/; classtype:trojan-activity;sid:84518579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655476)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655476/; classtype:trojan-activity;sid:84518576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655474)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655474/; classtype:trojan-activity;sid:84518574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655471/; classtype:trojan-activity;sid:84518571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655469)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655469/; classtype:trojan-activity;sid:84518569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655462)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655462/; classtype:trojan-activity;sid:84518562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655461)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655461/; classtype:trojan-activity;sid:84518561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655458)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655458/; classtype:trojan-activity;sid:84518558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655453)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"92.150.82.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655453/; classtype:trojan-activity;sid:84518553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655447/; classtype:trojan-activity;sid:84518547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655440)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655440/; classtype:trojan-activity;sid:84518540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655442/; classtype:trojan-activity;sid:84518542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655430)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655430/; classtype:trojan-activity;sid:84518530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-12/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655421/; classtype:trojan-activity;sid:84518521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655420)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655420/; classtype:trojan-activity;sid:84518520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655413/; classtype:trojan-activity;sid:84518513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655411/; classtype:trojan-activity;sid:84518511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655408)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655408/; classtype:trojan-activity;sid:84518508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655403)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655403/; classtype:trojan-activity;sid:84518503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655398)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655398/; classtype:trojan-activity;sid:84518498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655387/; classtype:trojan-activity;sid:84518487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655383)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655383/; classtype:trojan-activity;sid:84518483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655379)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655379/; classtype:trojan-activity;sid:84518479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655378)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655378/; classtype:trojan-activity;sid:84518478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655373/; classtype:trojan-activity;sid:84518473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655362)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655362/; classtype:trojan-activity;sid:84518462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655353/; classtype:trojan-activity;sid:84518453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655348)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655348/; classtype:trojan-activity;sid:84518448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-02-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655345/; classtype:trojan-activity;sid:84518445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655343)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655343/; classtype:trojan-activity;sid:84518443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655339/; classtype:trojan-activity;sid:84518439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655335)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655335/; classtype:trojan-activity;sid:84518435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-11-14/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655330/; classtype:trojan-activity;sid:84518430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655331/; classtype:trojan-activity;sid:84518431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655329)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655329/; classtype:trojan-activity;sid:84518429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655322)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655322/; classtype:trojan-activity;sid:84518422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655323)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655323/; classtype:trojan-activity;sid:84518423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655321/; classtype:trojan-activity;sid:84518421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655317)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655317/; classtype:trojan-activity;sid:84518417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655313)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655313/; classtype:trojan-activity;sid:84518413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655314/; classtype:trojan-activity;sid:84518414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655311/; classtype:trojan-activity;sid:84518411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655309)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655309/; classtype:trojan-activity;sid:84518409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655306)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655306/; classtype:trojan-activity;sid:84518406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655300/; classtype:trojan-activity;sid:84518400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655295)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655295/; classtype:trojan-activity;sid:84518395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655293/; classtype:trojan-activity;sid:84518393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655291/; classtype:trojan-activity;sid:84518391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655286/; classtype:trojan-activity;sid:84518386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655280)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655280/; classtype:trojan-activity;sid:84518380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655279)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655279/; classtype:trojan-activity;sid:84518379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-28/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655274/; classtype:trojan-activity;sid:84518374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655276)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655276/; classtype:trojan-activity;sid:84518376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655272)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655272/; classtype:trojan-activity;sid:84518372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655267)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655267/; classtype:trojan-activity;sid:84518367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655262)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655262/; classtype:trojan-activity;sid:84518362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655259)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655259/; classtype:trojan-activity;sid:84518359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655257/; classtype:trojan-activity;sid:84518357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655253)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655253/; classtype:trojan-activity;sid:84518353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655244)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655244/; classtype:trojan-activity;sid:84518344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655245/; classtype:trojan-activity;sid:84518345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655230)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655230/; classtype:trojan-activity;sid:84518330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655228)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655228/; classtype:trojan-activity;sid:84518328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655222)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655222/; classtype:trojan-activity;sid:84518322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655220/; classtype:trojan-activity;sid:84518320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655213/; classtype:trojan-activity;sid:84518313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655207)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655207/; classtype:trojan-activity;sid:84518307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655200)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655200/; classtype:trojan-activity;sid:84518300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655197/; classtype:trojan-activity;sid:84518297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655191)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655191/; classtype:trojan-activity;sid:84518291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655179/; classtype:trojan-activity;sid:84518279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655170/; classtype:trojan-activity;sid:84518270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655163)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655163/; classtype:trojan-activity;sid:84518263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655143)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655143/; classtype:trojan-activity;sid:84518243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655126)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655126/; classtype:trojan-activity;sid:84518226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655116)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655116/; classtype:trojan-activity;sid:84518216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655115)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655115/; classtype:trojan-activity;sid:84518215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655109)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655109/; classtype:trojan-activity;sid:84518209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655099/; classtype:trojan-activity;sid:84518199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655093)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655093/; classtype:trojan-activity;sid:84518193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655094)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655094/; classtype:trojan-activity;sid:84518194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655090)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655090/; classtype:trojan-activity;sid:84518190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655088/; classtype:trojan-activity;sid:84518188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2025-01-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655085/; classtype:trojan-activity;sid:84518185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655084)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655084/; classtype:trojan-activity;sid:84518184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655077)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655077/; classtype:trojan-activity;sid:84518177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655073)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655073/; classtype:trojan-activity;sid:84518173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655072)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655072/; classtype:trojan-activity;sid:84518172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655070)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655070/; classtype:trojan-activity;sid:84518170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655065/; classtype:trojan-activity;sid:84518165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655064)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655064/; classtype:trojan-activity;sid:84518164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655061/; classtype:trojan-activity;sid:84518161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655057)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655057/; classtype:trojan-activity;sid:84518157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655054)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655054/; classtype:trojan-activity;sid:84518154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655052)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655052/; classtype:trojan-activity;sid:84518152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655049)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655049/; classtype:trojan-activity;sid:84518149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655046)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655046/; classtype:trojan-activity;sid:84518146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655044/; classtype:trojan-activity;sid:84518144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655037)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655037/; classtype:trojan-activity;sid:84518137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655038)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655038/; classtype:trojan-activity;sid:84518138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655034/; classtype:trojan-activity;sid:84518134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655028/; classtype:trojan-activity;sid:84518128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655025)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655025/; classtype:trojan-activity;sid:84518125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655021)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655021/; classtype:trojan-activity;sid:84518121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655016)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655016/; classtype:trojan-activity;sid:84518116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655008)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655008/; classtype:trojan-activity;sid:84518108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655005)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655005/; classtype:trojan-activity;sid:84518105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655004)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655004/; classtype:trojan-activity;sid:84518104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3655001)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3655001/; classtype:trojan-activity;sid:84518101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654999)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654999/; classtype:trojan-activity;sid:84518099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654994)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654994/; classtype:trojan-activity;sid:84518094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654992/; classtype:trojan-activity;sid:84518092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654991)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654991/; classtype:trojan-activity;sid:84518091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654985/; classtype:trojan-activity;sid:84518085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654981/; classtype:trojan-activity;sid:84518081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654973/; classtype:trojan-activity;sid:84518073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654971)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654971/; classtype:trojan-activity;sid:84518071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654972)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654972/; classtype:trojan-activity;sid:84518072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654970)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654970/; classtype:trojan-activity;sid:84518070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654967)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654967/; classtype:trojan-activity;sid:84518067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654966/; classtype:trojan-activity;sid:84518066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654962)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654962/; classtype:trojan-activity;sid:84518062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654953)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654953/; classtype:trojan-activity;sid:84518053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654946)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654946/; classtype:trojan-activity;sid:84518046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654942)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654942/; classtype:trojan-activity;sid:84518042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654940/; classtype:trojan-activity;sid:84518040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654936)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654936/; classtype:trojan-activity;sid:84518036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654935)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654935/; classtype:trojan-activity;sid:84518035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654927/; classtype:trojan-activity;sid:84518027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654923)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654923/; classtype:trojan-activity;sid:84518023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654921/; classtype:trojan-activity;sid:84518021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654917)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654917/; classtype:trojan-activity;sid:84518017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654902)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654902/; classtype:trojan-activity;sid:84518002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654904)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654904/; classtype:trojan-activity;sid:84518004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654898)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654898/; classtype:trojan-activity;sid:84517998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654894/; classtype:trojan-activity;sid:84517994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654892)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654892/; classtype:trojan-activity;sid:84517992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654884)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654884/; classtype:trojan-activity;sid:84517984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654882/; classtype:trojan-activity;sid:84517982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654880)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654880/; classtype:trojan-activity;sid:84517980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654874/; classtype:trojan-activity;sid:84517974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654859)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654859/; classtype:trojan-activity;sid:84517959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654860/; classtype:trojan-activity;sid:84517960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654857)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654857/; classtype:trojan-activity;sid:84517957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654853/; classtype:trojan-activity;sid:84517953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654850)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654850/; classtype:trojan-activity;sid:84517950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654829)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654829/; classtype:trojan-activity;sid:84517929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654826)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654826/; classtype:trojan-activity;sid:84517926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654814/; classtype:trojan-activity;sid:84517914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654811)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654811/; classtype:trojan-activity;sid:84517911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654808)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654808/; classtype:trojan-activity;sid:84517908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654806/; classtype:trojan-activity;sid:84517906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654804)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654804/; classtype:trojan-activity;sid:84517904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654803)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654803/; classtype:trojan-activity;sid:84517903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654799)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654799/; classtype:trojan-activity;sid:84517899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654796/; classtype:trojan-activity;sid:84517896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654793)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654793/; classtype:trojan-activity;sid:84517893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654788)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654788/; classtype:trojan-activity;sid:84517888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654781/; classtype:trojan-activity;sid:84517881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654769)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654769/; classtype:trojan-activity;sid:84517869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654762/; classtype:trojan-activity;sid:84517862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654758)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654758/; classtype:trojan-activity;sid:84517858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654748)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654748/; classtype:trojan-activity;sid:84517848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654747)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654747/; classtype:trojan-activity;sid:84517847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654740)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654740/; classtype:trojan-activity;sid:84517840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654735/; classtype:trojan-activity;sid:84517835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654732/; classtype:trojan-activity;sid:84517832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654726/; classtype:trojan-activity;sid:84517826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654721)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654721/; classtype:trojan-activity;sid:84517821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654719)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654719/; classtype:trojan-activity;sid:84517819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654714/; classtype:trojan-activity;sid:84517814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654709)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654709/; classtype:trojan-activity;sid:84517809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654694/; classtype:trojan-activity;sid:84517794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654695/; classtype:trojan-activity;sid:84517795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654682/; classtype:trojan-activity;sid:84517782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654677/; classtype:trojan-activity;sid:84517777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654678/; classtype:trojan-activity;sid:84517778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654673)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654673/; classtype:trojan-activity;sid:84517773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654674/; classtype:trojan-activity;sid:84517774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654668/; classtype:trojan-activity;sid:84517768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654665/; classtype:trojan-activity;sid:84517765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654661)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654661/; classtype:trojan-activity;sid:84517761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654659)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654659/; classtype:trojan-activity;sid:84517759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654657)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654657/; classtype:trojan-activity;sid:84517757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654655)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654655/; classtype:trojan-activity;sid:84517755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654651/; classtype:trojan-activity;sid:84517751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654647/; classtype:trojan-activity;sid:84517747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654643/; classtype:trojan-activity;sid:84517743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654641)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654641/; classtype:trojan-activity;sid:84517741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654634)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654634/; classtype:trojan-activity;sid:84517734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654630/; classtype:trojan-activity;sid:84517730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654622/; classtype:trojan-activity;sid:84517722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654620/; classtype:trojan-activity;sid:84517720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654610)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654610/; classtype:trojan-activity;sid:84517710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654608/; classtype:trojan-activity;sid:84517708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654600)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654600/; classtype:trojan-activity;sid:84517700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654589)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654589/; classtype:trojan-activity;sid:84517689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654585/; classtype:trojan-activity;sid:84517685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654575/; classtype:trojan-activity;sid:84517675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654555)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654555/; classtype:trojan-activity;sid:84517655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654551)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654551/; classtype:trojan-activity;sid:84517651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654546/; classtype:trojan-activity;sid:84517646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654541)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654541/; classtype:trojan-activity;sid:84517641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654542)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654542/; classtype:trojan-activity;sid:84517642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654533)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654533/; classtype:trojan-activity;sid:84517633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654531)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654531/; classtype:trojan-activity;sid:84517631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654527)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.211.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654527/; classtype:trojan-activity;sid:84517627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654526/; classtype:trojan-activity;sid:84517626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654522/; classtype:trojan-activity;sid:84517622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654513)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654513/; classtype:trojan-activity;sid:84517613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654514/; classtype:trojan-activity;sid:84517614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654509/; classtype:trojan-activity;sid:84517609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654508)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654508/; classtype:trojan-activity;sid:84517608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654507/; classtype:trojan-activity;sid:84517607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654504)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654504/; classtype:trojan-activity;sid:84517604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654499)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654499/; classtype:trojan-activity;sid:84517599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654501)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654501/; classtype:trojan-activity;sid:84517601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654498)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654498/; classtype:trojan-activity;sid:84517598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654495)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654495/; classtype:trojan-activity;sid:84517595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654491/; classtype:trojan-activity;sid:84517591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654478)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654478/; classtype:trojan-activity;sid:84517578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.155.36.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654477/; classtype:trojan-activity;sid:84517577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654474)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654474/; classtype:trojan-activity;sid:84517574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654451)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654451/; classtype:trojan-activity;sid:84517551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654447)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654447/; classtype:trojan-activity;sid:84517547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654445)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654445/; classtype:trojan-activity;sid:84517545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654428/; classtype:trojan-activity;sid:84517528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654392)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654392/; classtype:trojan-activity;sid:84517492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654390)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654390/; classtype:trojan-activity;sid:84517490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654391/; classtype:trojan-activity;sid:84517491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654385)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654385/; classtype:trojan-activity;sid:84517485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654380)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654380/; classtype:trojan-activity;sid:84517480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654378)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654378/; classtype:trojan-activity;sid:84517478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-06-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654372/; classtype:trojan-activity;sid:84517472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654356)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654356/; classtype:trojan-activity;sid:84517456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654342)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654342/; classtype:trojan-activity;sid:84517442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654339)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654339/; classtype:trojan-activity;sid:84517439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654336/; classtype:trojan-activity;sid:84517436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654337)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654337/; classtype:trojan-activity;sid:84517437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654334)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654334/; classtype:trojan-activity;sid:84517434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654333)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654333/; classtype:trojan-activity;sid:84517433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654331/; classtype:trojan-activity;sid:84517431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654326)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654326/; classtype:trojan-activity;sid:84517426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654321)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654321/; classtype:trojan-activity;sid:84517421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654320)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654320/; classtype:trojan-activity;sid:84517420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654312)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654312/; classtype:trojan-activity;sid:84517412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654308)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654308/; classtype:trojan-activity;sid:84517408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654303)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.247.242.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654303/; classtype:trojan-activity;sid:84517403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654299)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654299/; classtype:trojan-activity;sid:84517399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654292/; classtype:trojan-activity;sid:84517392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654288)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654288/; classtype:trojan-activity;sid:84517388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654289)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654289/; classtype:trojan-activity;sid:84517389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654285)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654285/; classtype:trojan-activity;sid:84517385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654283/; classtype:trojan-activity;sid:84517383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654276)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654276/; classtype:trojan-activity;sid:84517376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654273)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654273/; classtype:trojan-activity;sid:84517373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654270/; classtype:trojan-activity;sid:84517370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654268)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654268/; classtype:trojan-activity;sid:84517368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654266)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654266/; classtype:trojan-activity;sid:84517366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654253)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654253/; classtype:trojan-activity;sid:84517353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654247)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654247/; classtype:trojan-activity;sid:84517347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654243)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654243/; classtype:trojan-activity;sid:84517343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654239/; classtype:trojan-activity;sid:84517339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654234)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654234/; classtype:trojan-activity;sid:84517334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654233/; classtype:trojan-activity;sid:84517333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-07/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654216/; classtype:trojan-activity;sid:84517316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654209/; classtype:trojan-activity;sid:84517309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654205)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654205/; classtype:trojan-activity;sid:84517305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654203)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654203/; classtype:trojan-activity;sid:84517303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654204)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654204/; classtype:trojan-activity;sid:84517304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654197)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654197/; classtype:trojan-activity;sid:84517297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654195)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654195/; classtype:trojan-activity;sid:84517295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654192)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654192/; classtype:trojan-activity;sid:84517292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654193)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.10.63.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654193/; classtype:trojan-activity;sid:84517293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-10-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654187/; classtype:trojan-activity;sid:84517287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654185)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654185/; classtype:trojan-activity;sid:84517285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654173)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654173/; classtype:trojan-activity;sid:84517273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654177)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654177/; classtype:trojan-activity;sid:84517277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654163/; classtype:trojan-activity;sid:84517263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654161)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654161/; classtype:trojan-activity;sid:84517261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654149)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.154.249.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654149/; classtype:trojan-activity;sid:84517249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654122)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654122/; classtype:trojan-activity;sid:84517222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654123)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654123/; classtype:trojan-activity;sid:84517223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654119/; classtype:trojan-activity;sid:84517219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654117)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654117/; classtype:trojan-activity;sid:84517217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654113)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654113/; classtype:trojan-activity;sid:84517213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654108)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654108/; classtype:trojan-activity;sid:84517208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654098)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654098/; classtype:trojan-activity;sid:84517198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654088/; classtype:trojan-activity;sid:84517188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654078)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"122.165.240.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654078/; classtype:trojan-activity;sid:84517178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654077)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654077/; classtype:trojan-activity;sid:84517177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654076)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654076/; classtype:trojan-activity;sid:84517176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654074)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654074/; classtype:trojan-activity;sid:84517174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654065)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654065/; classtype:trojan-activity;sid:84517165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654034/; classtype:trojan-activity;sid:84517134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654033/; classtype:trojan-activity;sid:84517133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654032)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654032/; classtype:trojan-activity;sid:84517132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654025/; classtype:trojan-activity;sid:84517125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654024)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654024/; classtype:trojan-activity;sid:84517124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654023/; classtype:trojan-activity;sid:84517123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654022)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654022/; classtype:trojan-activity;sid:84517122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654019)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654019/; classtype:trojan-activity;sid:84517119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654018)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654018/; classtype:trojan-activity;sid:84517118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654017/; classtype:trojan-activity;sid:84517117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654009)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654009/; classtype:trojan-activity;sid:84517109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654005/; classtype:trojan-activity;sid:84517105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654003/; classtype:trojan-activity;sid:84517103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3654000)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3654000/; classtype:trojan-activity;sid:84517100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653997)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653997/; classtype:trojan-activity;sid:84517097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653992/; classtype:trojan-activity;sid:84517092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653985)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653985/; classtype:trojan-activity;sid:84517085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653977)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653977/; classtype:trojan-activity;sid:84517077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653972/; classtype:trojan-activity;sid:84517072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653960)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653960/; classtype:trojan-activity;sid:84517060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653947)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653947/; classtype:trojan-activity;sid:84517047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653941)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653941/; classtype:trojan-activity;sid:84517041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653943/; classtype:trojan-activity;sid:84517043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653939)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653939/; classtype:trojan-activity;sid:84517039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653918)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653918/; classtype:trojan-activity;sid:84517018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653916)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653916/; classtype:trojan-activity;sid:84517016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653914/; classtype:trojan-activity;sid:84517014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653912)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653912/; classtype:trojan-activity;sid:84517012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653910)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653910/; classtype:trojan-activity;sid:84517010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653900)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653900/; classtype:trojan-activity;sid:84517000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653892/; classtype:trojan-activity;sid:84516992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653893)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"203.192.211.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653893/; classtype:trojan-activity;sid:84516993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653885)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653885/; classtype:trojan-activity;sid:84516985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653882/; classtype:trojan-activity;sid:84516982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653878)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.118.32.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653878/; classtype:trojan-activity;sid:84516978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653875/; classtype:trojan-activity;sid:84516975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653874)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653874/; classtype:trojan-activity;sid:84516974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653871)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.198.246.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653871/; classtype:trojan-activity;sid:84516971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653867)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653867/; classtype:trojan-activity;sid:84516967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653864/; classtype:trojan-activity;sid:84516964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653863/; classtype:trojan-activity;sid:84516963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653861/; classtype:trojan-activity;sid:84516961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653858)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653858/; classtype:trojan-activity;sid:84516958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653856/; classtype:trojan-activity;sid:84516956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653853)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653853/; classtype:trojan-activity;sid:84516953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653852/; classtype:trojan-activity;sid:84516952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653848)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653848/; classtype:trojan-activity;sid:84516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653849/; classtype:trojan-activity;sid:84516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-06-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653841/; classtype:trojan-activity;sid:84516941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653840)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653840/; classtype:trojan-activity;sid:84516940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653839/; classtype:trojan-activity;sid:84516939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653836/; classtype:trojan-activity;sid:84516936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653831/; classtype:trojan-activity;sid:84516931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653828)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653828/; classtype:trojan-activity;sid:84516928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653826/; classtype:trojan-activity;sid:84516926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653824)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653824/; classtype:trojan-activity;sid:84516924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653823/; classtype:trojan-activity;sid:84516923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653818/; classtype:trojan-activity;sid:84516918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653819/; classtype:trojan-activity;sid:84516919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653813)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653813/; classtype:trojan-activity;sid:84516913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653806)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653806/; classtype:trojan-activity;sid:84516906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653799)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653799/; classtype:trojan-activity;sid:84516899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653792/; classtype:trojan-activity;sid:84516892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-04-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653790/; classtype:trojan-activity;sid:84516890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653785/; classtype:trojan-activity;sid:84516885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653783/; classtype:trojan-activity;sid:84516883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653782/; classtype:trojan-activity;sid:84516882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653781)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"49.205.173.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653781/; classtype:trojan-activity;sid:84516881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653772)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653772/; classtype:trojan-activity;sid:84516872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653770)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653770/; classtype:trojan-activity;sid:84516870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653758/; classtype:trojan-activity;sid:84516858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653756)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.27.26.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653756/; classtype:trojan-activity;sid:84516856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653755)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653755/; classtype:trojan-activity;sid:84516855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653751/; classtype:trojan-activity;sid:84516851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653748)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653748/; classtype:trojan-activity;sid:84516848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653745)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"170.55.7.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653745/; classtype:trojan-activity;sid:84516845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653743)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"186.235.86.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653743/; classtype:trojan-activity;sid:84516843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653741/; classtype:trojan-activity;sid:84516841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653737/; classtype:trojan-activity;sid:84516837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653734/; classtype:trojan-activity;sid:84516834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653732)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653732/; classtype:trojan-activity;sid:84516832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653730/; classtype:trojan-activity;sid:84516830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653728/; classtype:trojan-activity;sid:84516828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653725/; classtype:trojan-activity;sid:84516825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653722/; classtype:trojan-activity;sid:84516822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653717)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"32.219.189.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653717/; classtype:trojan-activity;sid:84516817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653713)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"76.136.85.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653713/; classtype:trojan-activity;sid:84516813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653707/; classtype:trojan-activity;sid:84516807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653705)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"168.121.168.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653705/; classtype:trojan-activity;sid:84516805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653704)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653704/; classtype:trojan-activity;sid:84516804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653703)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"73.51.224.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653703/; classtype:trojan-activity;sid:84516803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-01/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653696/; classtype:trojan-activity;sid:84516796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653695/; classtype:trojan-activity;sid:84516795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653693/; classtype:trojan-activity;sid:84516793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653690)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653690/; classtype:trojan-activity;sid:84516790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653691)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653691/; classtype:trojan-activity;sid:84516791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653685/; classtype:trojan-activity;sid:84516785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653683/; classtype:trojan-activity;sid:84516783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653681/; classtype:trojan-activity;sid:84516781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653675/; classtype:trojan-activity;sid:84516775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653671/; classtype:trojan-activity;sid:84516771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653669)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653669/; classtype:trojan-activity;sid:84516769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653665/; classtype:trojan-activity;sid:84516765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653666)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653666/; classtype:trojan-activity;sid:84516766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653662)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653662/; classtype:trojan-activity;sid:84516762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653663)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653663/; classtype:trojan-activity;sid:84516763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653661)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653661/; classtype:trojan-activity;sid:84516761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653655)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.179.136.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653655/; classtype:trojan-activity;sid:84516755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653649/; classtype:trojan-activity;sid:84516749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653651)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653651/; classtype:trojan-activity;sid:84516751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653647)"; flow:established,from_client; content:"GET"; http_method; content:"/av.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653647/; classtype:trojan-activity;sid:84516747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653640)"; flow:established,from_client; content:"GET"; http_method; content:"/video.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"49.204.232.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653640/; classtype:trojan-activity;sid:84516740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653633/; classtype:trojan-activity;sid:84516733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653632)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.55.251.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653632/; classtype:trojan-activity;sid:84516732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653627)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"188.82.127.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653627/; classtype:trojan-activity;sid:84516727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653620)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653620/; classtype:trojan-activity;sid:84516720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653621)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653621/; classtype:trojan-activity;sid:84516721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653622)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.13.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653622/; classtype:trojan-activity;sid:84516722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653611)"; flow:established,from_client; content:"GET"; http_method; content:"/av.lnk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653611/; classtype:trojan-activity;sid:84516711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653606/; classtype:trojan-activity;sid:84516706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653607)"; flow:established,from_client; content:"GET"; http_method; content:"/video.lnk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.11.25.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653607/; classtype:trojan-activity;sid:84516707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653605/; classtype:trojan-activity;sid:84516705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653602/; classtype:trojan-activity;sid:84516702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653599/; classtype:trojan-activity;sid:84516699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653598/; classtype:trojan-activity;sid:84516698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653595/; classtype:trojan-activity;sid:84516695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-12-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653593/; classtype:trojan-activity;sid:84516693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653586/; classtype:trojan-activity;sid:84516686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653585/; classtype:trojan-activity;sid:84516685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653577/; classtype:trojan-activity;sid:84516677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653550/; classtype:trojan-activity;sid:84516650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653547)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653547/; classtype:trojan-activity;sid:84516647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653546/; classtype:trojan-activity;sid:84516646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653537)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653537/; classtype:trojan-activity;sid:84516637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653530/; classtype:trojan-activity;sid:84516630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653525/; classtype:trojan-activity;sid:84516625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653526/; classtype:trojan-activity;sid:84516626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653518/; classtype:trojan-activity;sid:84516618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653502/; classtype:trojan-activity;sid:84516602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653500)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-05/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653500/; classtype:trojan-activity;sid:84516600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653494/; classtype:trojan-activity;sid:84516594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653489/; classtype:trojan-activity;sid:84516589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653487)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653487/; classtype:trojan-activity;sid:84516587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653485/; classtype:trojan-activity;sid:84516585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653479)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653479/; classtype:trojan-activity;sid:84516579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653466)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653466/; classtype:trojan-activity;sid:84516566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653464/; classtype:trojan-activity;sid:84516564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653440/; classtype:trojan-activity;sid:84516540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653427/; classtype:trojan-activity;sid:84516527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653408/; classtype:trojan-activity;sid:84516508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653384/; classtype:trojan-activity;sid:84516484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653380/; classtype:trojan-activity;sid:84516480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653374/; classtype:trojan-activity;sid:84516474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653370/; classtype:trojan-activity;sid:84516470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653366/; classtype:trojan-activity;sid:84516466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653363/; classtype:trojan-activity;sid:84516463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653352/; classtype:trojan-activity;sid:84516452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653347/; classtype:trojan-activity;sid:84516447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653343/; classtype:trojan-activity;sid:84516443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653333/; classtype:trojan-activity;sid:84516433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653310/; classtype:trojan-activity;sid:84516410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653311)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653311/; classtype:trojan-activity;sid:84516411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653303/; classtype:trojan-activity;sid:84516403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-10-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653304/; classtype:trojan-activity;sid:84516404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653297)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653297/; classtype:trojan-activity;sid:84516397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653293/; classtype:trojan-activity;sid:84516393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653290/; classtype:trojan-activity;sid:84516390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653289/; classtype:trojan-activity;sid:84516389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653288/; classtype:trojan-activity;sid:84516388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653281/; classtype:trojan-activity;sid:84516381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653279/; classtype:trojan-activity;sid:84516379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653278/; classtype:trojan-activity;sid:84516378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653264/; classtype:trojan-activity;sid:84516364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653248/; classtype:trojan-activity;sid:84516348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653250/; classtype:trojan-activity;sid:84516350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-23/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653244/; classtype:trojan-activity;sid:84516344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653243/; classtype:trojan-activity;sid:84516343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653238/; classtype:trojan-activity;sid:84516338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653234/; classtype:trojan-activity;sid:84516334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653208/; classtype:trojan-activity;sid:84516308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653205/; classtype:trojan-activity;sid:84516305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653204/; classtype:trojan-activity;sid:84516304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653183/; classtype:trojan-activity;sid:84516283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653179/; classtype:trojan-activity;sid:84516279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653178/; classtype:trojan-activity;sid:84516278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653176/; classtype:trojan-activity;sid:84516276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653177/; classtype:trojan-activity;sid:84516277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653173/; classtype:trojan-activity;sid:84516273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653169/; classtype:trojan-activity;sid:84516269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653171/; classtype:trojan-activity;sid:84516271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653172/; classtype:trojan-activity;sid:84516272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653163/; classtype:trojan-activity;sid:84516263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653166/; classtype:trojan-activity;sid:84516266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653159/; classtype:trojan-activity;sid:84516259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653160/; classtype:trojan-activity;sid:84516260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653161/; classtype:trojan-activity;sid:84516261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653156/; classtype:trojan-activity;sid:84516256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653155/; classtype:trojan-activity;sid:84516255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653152/; classtype:trojan-activity;sid:84516252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-01-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653151/; classtype:trojan-activity;sid:84516251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-16/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653149/; classtype:trojan-activity;sid:84516249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653148/; classtype:trojan-activity;sid:84516248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653140/; classtype:trojan-activity;sid:84516240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653137/; classtype:trojan-activity;sid:84516237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653136/; classtype:trojan-activity;sid:84516236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653132/; classtype:trojan-activity;sid:84516232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653121/; classtype:trojan-activity;sid:84516221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653114/; classtype:trojan-activity;sid:84516214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653111/; classtype:trojan-activity;sid:84516211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653107/; classtype:trojan-activity;sid:84516207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653104/; classtype:trojan-activity;sid:84516204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653097/; classtype:trojan-activity;sid:84516197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653094/; classtype:trojan-activity;sid:84516194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653079/; classtype:trojan-activity;sid:84516179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653073/; classtype:trojan-activity;sid:84516173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653066/; classtype:trojan-activity;sid:84516166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653056/; classtype:trojan-activity;sid:84516156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653054/; classtype:trojan-activity;sid:84516154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653051/; classtype:trojan-activity;sid:84516151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653047/; classtype:trojan-activity;sid:84516147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-05-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653049/; classtype:trojan-activity;sid:84516149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653044/; classtype:trojan-activity;sid:84516144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653041/; classtype:trojan-activity;sid:84516141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653042/; classtype:trojan-activity;sid:84516142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653038/; classtype:trojan-activity;sid:84516138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653025/; classtype:trojan-activity;sid:84516125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653016/; classtype:trojan-activity;sid:84516116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3653011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-02-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3653011/; classtype:trojan-activity;sid:84516111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652998/; classtype:trojan-activity;sid:84516098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652994/; classtype:trojan-activity;sid:84516094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652988/; classtype:trojan-activity;sid:84516088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652989/; classtype:trojan-activity;sid:84516089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652985/; classtype:trojan-activity;sid:84516085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652976/; classtype:trojan-activity;sid:84516076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652977/; classtype:trojan-activity;sid:84516077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652970/; classtype:trojan-activity;sid:84516070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652962/; classtype:trojan-activity;sid:84516062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652960/; classtype:trojan-activity;sid:84516060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652954/; classtype:trojan-activity;sid:84516054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652953/; classtype:trojan-activity;sid:84516053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652940/; classtype:trojan-activity;sid:84516040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652935/; classtype:trojan-activity;sid:84516035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652932/; classtype:trojan-activity;sid:84516032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652933/; classtype:trojan-activity;sid:84516033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652926/; classtype:trojan-activity;sid:84516026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652923/; classtype:trojan-activity;sid:84516023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652921/; classtype:trojan-activity;sid:84516021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652919/; classtype:trojan-activity;sid:84516019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652920/; classtype:trojan-activity;sid:84516020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652895/; classtype:trojan-activity;sid:84515995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652869/; classtype:trojan-activity;sid:84515969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652865/; classtype:trojan-activity;sid:84515965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652851/; classtype:trojan-activity;sid:84515951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652843/; classtype:trojan-activity;sid:84515943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652837/; classtype:trojan-activity;sid:84515937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652820/; classtype:trojan-activity;sid:84515920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652821/; classtype:trojan-activity;sid:84515921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652803/; classtype:trojan-activity;sid:84515903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652788/; classtype:trojan-activity;sid:84515888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652789/; classtype:trojan-activity;sid:84515889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652777/; classtype:trojan-activity;sid:84515877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652776/; classtype:trojan-activity;sid:84515876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652772/; classtype:trojan-activity;sid:84515872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652725/; classtype:trojan-activity;sid:84515825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652723)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652723/; classtype:trojan-activity;sid:84515823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652718/; classtype:trojan-activity;sid:84515818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652719/; classtype:trojan-activity;sid:84515819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652720/; classtype:trojan-activity;sid:84515820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652721/; classtype:trojan-activity;sid:84515821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652716/; classtype:trojan-activity;sid:84515816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652717/; classtype:trojan-activity;sid:84515817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652705/; classtype:trojan-activity;sid:84515805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652707/; classtype:trojan-activity;sid:84515807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652702/; classtype:trojan-activity;sid:84515802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652696/; classtype:trojan-activity;sid:84515796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652692/; classtype:trojan-activity;sid:84515792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652683/; classtype:trojan-activity;sid:84515783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652675/; classtype:trojan-activity;sid:84515775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652645/; classtype:trojan-activity;sid:84515745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-05-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652637/; classtype:trojan-activity;sid:84515737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-03-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652640/; classtype:trojan-activity;sid:84515740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652636)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652636/; classtype:trojan-activity;sid:84515736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652629/; classtype:trojan-activity;sid:84515729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652618)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652618/; classtype:trojan-activity;sid:84515718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652617/; classtype:trojan-activity;sid:84515717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652593/; classtype:trojan-activity;sid:84515693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-30/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652591/; classtype:trojan-activity;sid:84515691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652578/; classtype:trojan-activity;sid:84515678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652573/; classtype:trojan-activity;sid:84515673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652564/; classtype:trojan-activity;sid:84515664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652486)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652486/; classtype:trojan-activity;sid:84515586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652485)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652485/; classtype:trojan-activity;sid:84515585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652484)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652484/; classtype:trojan-activity;sid:84515584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652482/; classtype:trojan-activity;sid:84515582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652481)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652481/; classtype:trojan-activity;sid:84515581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652480/; classtype:trojan-activity;sid:84515580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652478)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652478/; classtype:trojan-activity;sid:84515578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652476)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652476/; classtype:trojan-activity;sid:84515576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652474)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652474/; classtype:trojan-activity;sid:84515574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652475)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652475/; classtype:trojan-activity;sid:84515575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652473)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652473/; classtype:trojan-activity;sid:84515573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-09-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652472/; classtype:trojan-activity;sid:84515572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652471)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652471/; classtype:trojan-activity;sid:84515571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652470)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652470/; classtype:trojan-activity;sid:84515570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-05-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652468/; classtype:trojan-activity;sid:84515568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652469)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652469/; classtype:trojan-activity;sid:84515569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652464)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652464/; classtype:trojan-activity;sid:84515564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-04-03/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652465/; classtype:trojan-activity;sid:84515565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652463)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652463/; classtype:trojan-activity;sid:84515563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652461/; classtype:trojan-activity;sid:84515561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652460)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652460/; classtype:trojan-activity;sid:84515560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652459/; classtype:trojan-activity;sid:84515559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652457/; classtype:trojan-activity;sid:84515557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652456)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-09-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652456/; classtype:trojan-activity;sid:84515556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652455/; classtype:trojan-activity;sid:84515555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-03-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652454/; classtype:trojan-activity;sid:84515554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652453)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652453/; classtype:trojan-activity;sid:84515553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652451)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652451/; classtype:trojan-activity;sid:84515551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652452)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652452/; classtype:trojan-activity;sid:84515552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652449)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652449/; classtype:trojan-activity;sid:84515549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652445)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652445/; classtype:trojan-activity;sid:84515545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652446)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652446/; classtype:trojan-activity;sid:84515546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652447)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652447/; classtype:trojan-activity;sid:84515547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652448)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652448/; classtype:trojan-activity;sid:84515548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652442)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652442/; classtype:trojan-activity;sid:84515542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652444)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652444/; classtype:trojan-activity;sid:84515544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652441/; classtype:trojan-activity;sid:84515541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652439/; classtype:trojan-activity;sid:84515539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652437)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652437/; classtype:trojan-activity;sid:84515537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652438)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652438/; classtype:trojan-activity;sid:84515538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652436)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652436/; classtype:trojan-activity;sid:84515536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652435)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652435/; classtype:trojan-activity;sid:84515535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652434)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652434/; classtype:trojan-activity;sid:84515534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652433)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652433/; classtype:trojan-activity;sid:84515533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652431/; classtype:trojan-activity;sid:84515531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652430/; classtype:trojan-activity;sid:84515530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652429)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652429/; classtype:trojan-activity;sid:84515529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652427)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652427/; classtype:trojan-activity;sid:84515527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652428)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652428/; classtype:trojan-activity;sid:84515528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652426)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652426/; classtype:trojan-activity;sid:84515526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652425)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652425/; classtype:trojan-activity;sid:84515525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652424/; classtype:trojan-activity;sid:84515524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652423/; classtype:trojan-activity;sid:84515523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652421)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652421/; classtype:trojan-activity;sid:84515521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652422/; classtype:trojan-activity;sid:84515522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652419)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652419/; classtype:trojan-activity;sid:84515519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652420)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652420/; classtype:trojan-activity;sid:84515520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652417)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652417/; classtype:trojan-activity;sid:84515517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652418/; classtype:trojan-activity;sid:84515518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652415)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652415/; classtype:trojan-activity;sid:84515515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-12-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652416/; classtype:trojan-activity;sid:84515516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652414/; classtype:trojan-activity;sid:84515514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652413)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652413/; classtype:trojan-activity;sid:84515513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652412/; classtype:trojan-activity;sid:84515512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652411/; classtype:trojan-activity;sid:84515511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652408)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652408/; classtype:trojan-activity;sid:84515508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652404)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652404/; classtype:trojan-activity;sid:84515504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652407)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652407/; classtype:trojan-activity;sid:84515507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652402)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652402/; classtype:trojan-activity;sid:84515502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652403)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652403/; classtype:trojan-activity;sid:84515503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652401)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652401/; classtype:trojan-activity;sid:84515501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652399)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652399/; classtype:trojan-activity;sid:84515499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652400)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652400/; classtype:trojan-activity;sid:84515500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652397/; classtype:trojan-activity;sid:84515497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652398)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652398/; classtype:trojan-activity;sid:84515498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652395/; classtype:trojan-activity;sid:84515495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652396)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652396/; classtype:trojan-activity;sid:84515496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652391/; classtype:trojan-activity;sid:84515491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652392/; classtype:trojan-activity;sid:84515492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652389/; classtype:trojan-activity;sid:84515489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652386/; classtype:trojan-activity;sid:84515486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652387/; classtype:trojan-activity;sid:84515487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652384)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-11-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652384/; classtype:trojan-activity;sid:84515484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652383/; classtype:trojan-activity;sid:84515483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652380)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652380/; classtype:trojan-activity;sid:84515480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652381/; classtype:trojan-activity;sid:84515481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652382/; classtype:trojan-activity;sid:84515482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652377/; classtype:trojan-activity;sid:84515477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652376)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652376/; classtype:trojan-activity;sid:84515476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652375/; classtype:trojan-activity;sid:84515475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652373)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652373/; classtype:trojan-activity;sid:84515473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652374/; classtype:trojan-activity;sid:84515474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652372/; classtype:trojan-activity;sid:84515472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652371/; classtype:trojan-activity;sid:84515471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652370/; classtype:trojan-activity;sid:84515470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652368)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652368/; classtype:trojan-activity;sid:84515468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652369)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652369/; classtype:trojan-activity;sid:84515469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652367)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652367/; classtype:trojan-activity;sid:84515467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652366/; classtype:trojan-activity;sid:84515466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-11/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652365/; classtype:trojan-activity;sid:84515465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652363)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652363/; classtype:trojan-activity;sid:84515463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652364/; classtype:trojan-activity;sid:84515464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-10-13/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652360/; classtype:trojan-activity;sid:84515460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652359)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652359/; classtype:trojan-activity;sid:84515459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652357/; classtype:trojan-activity;sid:84515457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652356)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652356/; classtype:trojan-activity;sid:84515456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652353/; classtype:trojan-activity;sid:84515453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652354/; classtype:trojan-activity;sid:84515454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652349)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652349/; classtype:trojan-activity;sid:84515449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652351)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652351/; classtype:trojan-activity;sid:84515451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652352)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652352/; classtype:trojan-activity;sid:84515452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652347/; classtype:trojan-activity;sid:84515447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652346/; classtype:trojan-activity;sid:84515446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652342)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652342/; classtype:trojan-activity;sid:84515442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652343)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652343/; classtype:trojan-activity;sid:84515443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652344)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652344/; classtype:trojan-activity;sid:84515444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652345)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652345/; classtype:trojan-activity;sid:84515445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652340/; classtype:trojan-activity;sid:84515440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652336)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652336/; classtype:trojan-activity;sid:84515436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652337/; classtype:trojan-activity;sid:84515437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652338/; classtype:trojan-activity;sid:84515438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652339)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652339/; classtype:trojan-activity;sid:84515439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652335/; classtype:trojan-activity;sid:84515435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652333)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652333/; classtype:trojan-activity;sid:84515433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652331/; classtype:trojan-activity;sid:84515431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652326/; classtype:trojan-activity;sid:84515426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652327/; classtype:trojan-activity;sid:84515427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652328)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652328/; classtype:trojan-activity;sid:84515428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652329/; classtype:trojan-activity;sid:84515429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652330)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652330/; classtype:trojan-activity;sid:84515430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652325/; classtype:trojan-activity;sid:84515425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652324)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-09-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652324/; classtype:trojan-activity;sid:84515424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652323/; classtype:trojan-activity;sid:84515423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652322)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652322/; classtype:trojan-activity;sid:84515422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652320)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652320/; classtype:trojan-activity;sid:84515420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652321/; classtype:trojan-activity;sid:84515421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652318)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-09/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652318/; classtype:trojan-activity;sid:84515418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652319)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652319/; classtype:trojan-activity;sid:84515419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652317)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652317/; classtype:trojan-activity;sid:84515417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652316)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652316/; classtype:trojan-activity;sid:84515416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652314)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652314/; classtype:trojan-activity;sid:84515414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652312)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652312/; classtype:trojan-activity;sid:84515412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652313)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-06-04/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652313/; classtype:trojan-activity;sid:84515413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652310/; classtype:trojan-activity;sid:84515410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652309/; classtype:trojan-activity;sid:84515409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652307)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652307/; classtype:trojan-activity;sid:84515407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652305)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652305/; classtype:trojan-activity;sid:84515405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652306/; classtype:trojan-activity;sid:84515406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652304)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652304/; classtype:trojan-activity;sid:84515404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652303/; classtype:trojan-activity;sid:84515403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652300/; classtype:trojan-activity;sid:84515400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652301)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652301/; classtype:trojan-activity;sid:84515401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652302)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652302/; classtype:trojan-activity;sid:84515402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652298)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652298/; classtype:trojan-activity;sid:84515398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652296)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652296/; classtype:trojan-activity;sid:84515396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652294)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652294/; classtype:trojan-activity;sid:84515394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652295/; classtype:trojan-activity;sid:84515395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652293)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652293/; classtype:trojan-activity;sid:84515393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652292)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652292/; classtype:trojan-activity;sid:84515392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652291)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652291/; classtype:trojan-activity;sid:84515391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652290)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652290/; classtype:trojan-activity;sid:84515390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652289)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652289/; classtype:trojan-activity;sid:84515389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652288)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-25/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652288/; classtype:trojan-activity;sid:84515388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652287)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652287/; classtype:trojan-activity;sid:84515387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652286)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652286/; classtype:trojan-activity;sid:84515386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652285)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652285/; classtype:trojan-activity;sid:84515385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652284)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652284/; classtype:trojan-activity;sid:84515384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652282)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652282/; classtype:trojan-activity;sid:84515382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652283)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652283/; classtype:trojan-activity;sid:84515383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652280)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652280/; classtype:trojan-activity;sid:84515380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652281)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652281/; classtype:trojan-activity;sid:84515381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652279)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652279/; classtype:trojan-activity;sid:84515379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652277)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652277/; classtype:trojan-activity;sid:84515377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652278/; classtype:trojan-activity;sid:84515378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652275)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652275/; classtype:trojan-activity;sid:84515375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652276/; classtype:trojan-activity;sid:84515376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652273)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652273/; classtype:trojan-activity;sid:84515373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652274)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652274/; classtype:trojan-activity;sid:84515374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652272)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652272/; classtype:trojan-activity;sid:84515372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652270/; classtype:trojan-activity;sid:84515370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-29/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652269/; classtype:trojan-activity;sid:84515369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652268)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652268/; classtype:trojan-activity;sid:84515368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652265)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652265/; classtype:trojan-activity;sid:84515365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652264)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652264/; classtype:trojan-activity;sid:84515364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652263)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652263/; classtype:trojan-activity;sid:84515363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652262)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652262/; classtype:trojan-activity;sid:84515362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652261)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652261/; classtype:trojan-activity;sid:84515361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652259/; classtype:trojan-activity;sid:84515359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652260)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652260/; classtype:trojan-activity;sid:84515360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652257)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652257/; classtype:trojan-activity;sid:84515357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652256)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652256/; classtype:trojan-activity;sid:84515356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652255)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652255/; classtype:trojan-activity;sid:84515355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-11-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652250/; classtype:trojan-activity;sid:84515350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652248)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652248/; classtype:trojan-activity;sid:84515348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652249)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652249/; classtype:trojan-activity;sid:84515349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652246)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652246/; classtype:trojan-activity;sid:84515346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652245)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652245/; classtype:trojan-activity;sid:84515345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652244/; classtype:trojan-activity;sid:84515344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652243/; classtype:trojan-activity;sid:84515343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652241)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652241/; classtype:trojan-activity;sid:84515341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652242/; classtype:trojan-activity;sid:84515342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652239)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-10/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652239/; classtype:trojan-activity;sid:84515339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652240)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652240/; classtype:trojan-activity;sid:84515340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652238)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652238/; classtype:trojan-activity;sid:84515338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652237)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652237/; classtype:trojan-activity;sid:84515337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652236)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-07-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652236/; classtype:trojan-activity;sid:84515336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652235)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-27/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652235/; classtype:trojan-activity;sid:84515335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652234)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652234/; classtype:trojan-activity;sid:84515334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652232)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652232/; classtype:trojan-activity;sid:84515332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652233)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652233/; classtype:trojan-activity;sid:84515333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652230)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652230/; classtype:trojan-activity;sid:84515330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652231)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652231/; classtype:trojan-activity;sid:84515331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652229)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-02-12/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652229/; classtype:trojan-activity;sid:84515329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652225)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-25/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652225/; classtype:trojan-activity;sid:84515325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652223)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652223/; classtype:trojan-activity;sid:84515323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652221)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652221/; classtype:trojan-activity;sid:84515321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652222/; classtype:trojan-activity;sid:84515322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652219)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652219/; classtype:trojan-activity;sid:84515319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652220)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652220/; classtype:trojan-activity;sid:84515320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652217)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652217/; classtype:trojan-activity;sid:84515317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652216)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652216/; classtype:trojan-activity;sid:84515316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652214/; classtype:trojan-activity;sid:84515314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652215/; classtype:trojan-activity;sid:84515315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652213/; classtype:trojan-activity;sid:84515313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652211)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652211/; classtype:trojan-activity;sid:84515311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652210)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652210/; classtype:trojan-activity;sid:84515310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652209)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652209/; classtype:trojan-activity;sid:84515309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652208)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652208/; classtype:trojan-activity;sid:84515308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652206)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652206/; classtype:trojan-activity;sid:84515306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652207)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652207/; classtype:trojan-activity;sid:84515307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652205)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652205/; classtype:trojan-activity;sid:84515305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652204)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652204/; classtype:trojan-activity;sid:84515304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652203)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652203/; classtype:trojan-activity;sid:84515303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652201/; classtype:trojan-activity;sid:84515301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652198)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652198/; classtype:trojan-activity;sid:84515298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652200)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652200/; classtype:trojan-activity;sid:84515300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652197)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652197/; classtype:trojan-activity;sid:84515297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-06/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652196/; classtype:trojan-activity;sid:84515296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652193/; classtype:trojan-activity;sid:84515293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652194)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652194/; classtype:trojan-activity;sid:84515294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652192)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652192/; classtype:trojan-activity;sid:84515292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652186/; classtype:trojan-activity;sid:84515286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652187/; classtype:trojan-activity;sid:84515287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652188/; classtype:trojan-activity;sid:84515288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652189/; classtype:trojan-activity;sid:84515289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652190)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652190/; classtype:trojan-activity;sid:84515290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652191/; classtype:trojan-activity;sid:84515291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652185/; classtype:trojan-activity;sid:84515285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652184/; classtype:trojan-activity;sid:84515284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652183/; classtype:trojan-activity;sid:84515283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652181/; classtype:trojan-activity;sid:84515281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652180/; classtype:trojan-activity;sid:84515280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652179/; classtype:trojan-activity;sid:84515279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652176/; classtype:trojan-activity;sid:84515276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652177/; classtype:trojan-activity;sid:84515277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652178/; classtype:trojan-activity;sid:84515278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652175/; classtype:trojan-activity;sid:84515275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652174/; classtype:trojan-activity;sid:84515274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652173/; classtype:trojan-activity;sid:84515273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652171/; classtype:trojan-activity;sid:84515271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652169/; classtype:trojan-activity;sid:84515269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652170/; classtype:trojan-activity;sid:84515270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652167/; classtype:trojan-activity;sid:84515267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652166/; classtype:trojan-activity;sid:84515266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652165/; classtype:trojan-activity;sid:84515265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652164/; classtype:trojan-activity;sid:84515264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652163/; classtype:trojan-activity;sid:84515263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-24/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652162/; classtype:trojan-activity;sid:84515262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652161/; classtype:trojan-activity;sid:84515261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652160/; classtype:trojan-activity;sid:84515260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652157/; classtype:trojan-activity;sid:84515257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652158/; classtype:trojan-activity;sid:84515258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652159/; classtype:trojan-activity;sid:84515259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652156)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652156/; classtype:trojan-activity;sid:84515256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652154/; classtype:trojan-activity;sid:84515254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652152)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652152/; classtype:trojan-activity;sid:84515252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652153/; classtype:trojan-activity;sid:84515253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652151/; classtype:trojan-activity;sid:84515251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652150/; classtype:trojan-activity;sid:84515250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652147/; classtype:trojan-activity;sid:84515247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652148/; classtype:trojan-activity;sid:84515248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652149/; classtype:trojan-activity;sid:84515249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652144/; classtype:trojan-activity;sid:84515244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652145/; classtype:trojan-activity;sid:84515245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652146/; classtype:trojan-activity;sid:84515246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652141/; classtype:trojan-activity;sid:84515241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-10-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652143/; classtype:trojan-activity;sid:84515243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652138/; classtype:trojan-activity;sid:84515238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652140/; classtype:trojan-activity;sid:84515240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652136/; classtype:trojan-activity;sid:84515236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652137/; classtype:trojan-activity;sid:84515237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652135/; classtype:trojan-activity;sid:84515235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652132)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652132/; classtype:trojan-activity;sid:84515232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652134/; classtype:trojan-activity;sid:84515234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652128/; classtype:trojan-activity;sid:84515228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652129/; classtype:trojan-activity;sid:84515229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652130/; classtype:trojan-activity;sid:84515230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652131/; classtype:trojan-activity;sid:84515231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652126)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652126/; classtype:trojan-activity;sid:84515226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652122/; classtype:trojan-activity;sid:84515222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652124/; classtype:trojan-activity;sid:84515224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652121)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-03-24/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652121/; classtype:trojan-activity;sid:84515221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652120/; classtype:trojan-activity;sid:84515220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652119/; classtype:trojan-activity;sid:84515219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652112/; classtype:trojan-activity;sid:84515212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652113/; classtype:trojan-activity;sid:84515213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652114/; classtype:trojan-activity;sid:84515214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652115/; classtype:trojan-activity;sid:84515215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652116/; classtype:trojan-activity;sid:84515216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652118/; classtype:trojan-activity;sid:84515218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652108/; classtype:trojan-activity;sid:84515208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652109/; classtype:trojan-activity;sid:84515209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652110/; classtype:trojan-activity;sid:84515210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652111/; classtype:trojan-activity;sid:84515211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652107/; classtype:trojan-activity;sid:84515207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652105/; classtype:trojan-activity;sid:84515205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652106/; classtype:trojan-activity;sid:84515206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652103/; classtype:trojan-activity;sid:84515203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652104/; classtype:trojan-activity;sid:84515204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-19/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652101/; classtype:trojan-activity;sid:84515201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-10-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652099/; classtype:trojan-activity;sid:84515199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652100/; classtype:trojan-activity;sid:84515200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652098/; classtype:trojan-activity;sid:84515198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652097/; classtype:trojan-activity;sid:84515197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652095/; classtype:trojan-activity;sid:84515195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-04-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652094/; classtype:trojan-activity;sid:84515194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-13/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652091/; classtype:trojan-activity;sid:84515191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652092/; classtype:trojan-activity;sid:84515192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652090/; classtype:trojan-activity;sid:84515190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-01-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652084/; classtype:trojan-activity;sid:84515184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-05-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652086/; classtype:trojan-activity;sid:84515186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652088/; classtype:trojan-activity;sid:84515188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652089/; classtype:trojan-activity;sid:84515189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652081)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652081/; classtype:trojan-activity;sid:84515181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652082/; classtype:trojan-activity;sid:84515182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-07/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652083/; classtype:trojan-activity;sid:84515183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652078/; classtype:trojan-activity;sid:84515178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2022-03-17/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652079/; classtype:trojan-activity;sid:84515179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652075)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652075/; classtype:trojan-activity;sid:84515175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652076/; classtype:trojan-activity;sid:84515176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652077/; classtype:trojan-activity;sid:84515177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652071/; classtype:trojan-activity;sid:84515171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652067/; classtype:trojan-activity;sid:84515167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652068/; classtype:trojan-activity;sid:84515168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652060/; classtype:trojan-activity;sid:84515160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-10-24/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652061/; classtype:trojan-activity;sid:84515161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652063/; classtype:trojan-activity;sid:84515163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652064/; classtype:trojan-activity;sid:84515164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-11-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652065/; classtype:trojan-activity;sid:84515165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652066)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652066/; classtype:trojan-activity;sid:84515166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652057/; classtype:trojan-activity;sid:84515157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652058/; classtype:trojan-activity;sid:84515158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652053/; classtype:trojan-activity;sid:84515153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652054/; classtype:trojan-activity;sid:84515154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-08-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652048/; classtype:trojan-activity;sid:84515148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652049/; classtype:trojan-activity;sid:84515149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652050/; classtype:trojan-activity;sid:84515150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652051/; classtype:trojan-activity;sid:84515151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652052/; classtype:trojan-activity;sid:84515152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652045/; classtype:trojan-activity;sid:84515145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652046/; classtype:trojan-activity;sid:84515146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652042/; classtype:trojan-activity;sid:84515142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652043/; classtype:trojan-activity;sid:84515143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652041/; classtype:trojan-activity;sid:84515141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652039/; classtype:trojan-activity;sid:84515139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652040/; classtype:trojan-activity;sid:84515140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652036/; classtype:trojan-activity;sid:84515136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652037/; classtype:trojan-activity;sid:84515137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652038/; classtype:trojan-activity;sid:84515138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652034/; classtype:trojan-activity;sid:84515134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652025/; classtype:trojan-activity;sid:84515125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652026/; classtype:trojan-activity;sid:84515126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652027/; classtype:trojan-activity;sid:84515127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652028/; classtype:trojan-activity;sid:84515128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652029/; classtype:trojan-activity;sid:84515129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652030/; classtype:trojan-activity;sid:84515130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652031)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652031/; classtype:trojan-activity;sid:84515131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652024/; classtype:trojan-activity;sid:84515124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652023/; classtype:trojan-activity;sid:84515123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652022/; classtype:trojan-activity;sid:84515122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652021/; classtype:trojan-activity;sid:84515121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-13/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652014/; classtype:trojan-activity;sid:84515114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652015/; classtype:trojan-activity;sid:84515115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652016/; classtype:trojan-activity;sid:84515116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652017/; classtype:trojan-activity;sid:84515117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652018)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652018/; classtype:trojan-activity;sid:84515118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652019/; classtype:trojan-activity;sid:84515119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652020/; classtype:trojan-activity;sid:84515120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652012/; classtype:trojan-activity;sid:84515112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652013/; classtype:trojan-activity;sid:84515113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652007/; classtype:trojan-activity;sid:84515107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652008/; classtype:trojan-activity;sid:84515108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-04-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652010/; classtype:trojan-activity;sid:84515110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-07-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652011/; classtype:trojan-activity;sid:84515111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652005/; classtype:trojan-activity;sid:84515105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-03-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652006/; classtype:trojan-activity;sid:84515106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652003/; classtype:trojan-activity;sid:84515103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652002/; classtype:trojan-activity;sid:84515102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3652000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3652000/; classtype:trojan-activity;sid:84515100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651998/; classtype:trojan-activity;sid:84515098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651999/; classtype:trojan-activity;sid:84515099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651993/; classtype:trojan-activity;sid:84515093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651994/; classtype:trojan-activity;sid:84515094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651995/; classtype:trojan-activity;sid:84515095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651996/; classtype:trojan-activity;sid:84515096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651997/; classtype:trojan-activity;sid:84515097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651991/; classtype:trojan-activity;sid:84515091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651992/; classtype:trojan-activity;sid:84515092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651989)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651989/; classtype:trojan-activity;sid:84515089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651990/; classtype:trojan-activity;sid:84515090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651987/; classtype:trojan-activity;sid:84515087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651988/; classtype:trojan-activity;sid:84515088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651981/; classtype:trojan-activity;sid:84515081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651982/; classtype:trojan-activity;sid:84515082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651983)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-07-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651983/; classtype:trojan-activity;sid:84515083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651985/; classtype:trojan-activity;sid:84515085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-17/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651986/; classtype:trojan-activity;sid:84515086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651978/; classtype:trojan-activity;sid:84515078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-12-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651980/; classtype:trojan-activity;sid:84515080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2023-03-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651969/; classtype:trojan-activity;sid:84515069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651970/; classtype:trojan-activity;sid:84515070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651971/; classtype:trojan-activity;sid:84515071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651972/; classtype:trojan-activity;sid:84515072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651973/; classtype:trojan-activity;sid:84515073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651974)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-05-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651974/; classtype:trojan-activity;sid:84515074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651975/; classtype:trojan-activity;sid:84515075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651976/; classtype:trojan-activity;sid:84515076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651977/; classtype:trojan-activity;sid:84515077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651967/; classtype:trojan-activity;sid:84515067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651968/; classtype:trojan-activity;sid:84515068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651965/; classtype:trojan-activity;sid:84515065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651966/; classtype:trojan-activity;sid:84515066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651963/; classtype:trojan-activity;sid:84515063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651964/; classtype:trojan-activity;sid:84515064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651959/; classtype:trojan-activity;sid:84515059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651960/; classtype:trojan-activity;sid:84515060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651961/; classtype:trojan-activity;sid:84515061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651962/; classtype:trojan-activity;sid:84515062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651958/; classtype:trojan-activity;sid:84515058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-09-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651956/; classtype:trojan-activity;sid:84515056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651957/; classtype:trojan-activity;sid:84515057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651955/; classtype:trojan-activity;sid:84515055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651954/; classtype:trojan-activity;sid:84515054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651952/; classtype:trojan-activity;sid:84515052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651953/; classtype:trojan-activity;sid:84515053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651951/; classtype:trojan-activity;sid:84515051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651949/; classtype:trojan-activity;sid:84515049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651950/; classtype:trojan-activity;sid:84515050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651944/; classtype:trojan-activity;sid:84515044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651945/; classtype:trojan-activity;sid:84515045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/11032020101348/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651946/; classtype:trojan-activity;sid:84515046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651948/; classtype:trojan-activity;sid:84515048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651943/; classtype:trojan-activity;sid:84515043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-11/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651942/; classtype:trojan-activity;sid:84515042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651937/; classtype:trojan-activity;sid:84515037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651938)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651938/; classtype:trojan-activity;sid:84515038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651939/; classtype:trojan-activity;sid:84515039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651941/; classtype:trojan-activity;sid:84515041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651933/; classtype:trojan-activity;sid:84515033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651934/; classtype:trojan-activity;sid:84515034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651935/; classtype:trojan-activity;sid:84515035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-01-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651936/; classtype:trojan-activity;sid:84515036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651932/; classtype:trojan-activity;sid:84515032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651930/; classtype:trojan-activity;sid:84515030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651928/; classtype:trojan-activity;sid:84515028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651929/; classtype:trojan-activity;sid:84515029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-18/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651926/; classtype:trojan-activity;sid:84515026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651927/; classtype:trojan-activity;sid:84515027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651921/; classtype:trojan-activity;sid:84515021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651922/; classtype:trojan-activity;sid:84515022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651923/; classtype:trojan-activity;sid:84515023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651924/; classtype:trojan-activity;sid:84515024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651925/; classtype:trojan-activity;sid:84515025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-26/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651915/; classtype:trojan-activity;sid:84515015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651916/; classtype:trojan-activity;sid:84515016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651917/; classtype:trojan-activity;sid:84515017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651913/; classtype:trojan-activity;sid:84515013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651914/; classtype:trojan-activity;sid:84515014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-12-02/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651909/; classtype:trojan-activity;sid:84515009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651910/; classtype:trojan-activity;sid:84515010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651912/; classtype:trojan-activity;sid:84515012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651905/; classtype:trojan-activity;sid:84515005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651906/; classtype:trojan-activity;sid:84515006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651907)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651907/; classtype:trojan-activity;sid:84515007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651901)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651901/; classtype:trojan-activity;sid:84515001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651902/; classtype:trojan-activity;sid:84515002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651903)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651903/; classtype:trojan-activity;sid:84515003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651899/; classtype:trojan-activity;sid:84514999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651900/; classtype:trojan-activity;sid:84515000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-09-08/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651896/; classtype:trojan-activity;sid:84514996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651897/; classtype:trojan-activity;sid:84514997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651898)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651898/; classtype:trojan-activity;sid:84514998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651894/; classtype:trojan-activity;sid:84514994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651895/; classtype:trojan-activity;sid:84514995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/td00000000000000159843/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651892/; classtype:trojan-activity;sid:84514992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651893/; classtype:trojan-activity;sid:84514993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651890/; classtype:trojan-activity;sid:84514990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651891/; classtype:trojan-activity;sid:84514991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651887/; classtype:trojan-activity;sid:84514987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651888/; classtype:trojan-activity;sid:84514988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651889/; classtype:trojan-activity;sid:84514989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651883/; classtype:trojan-activity;sid:84514983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651884/; classtype:trojan-activity;sid:84514984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-07-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651885/; classtype:trojan-activity;sid:84514985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651881/; classtype:trojan-activity;sid:84514981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651882/; classtype:trojan-activity;sid:84514982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651877/; classtype:trojan-activity;sid:84514977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651878/; classtype:trojan-activity;sid:84514978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651879)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651879/; classtype:trojan-activity;sid:84514979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651874/; classtype:trojan-activity;sid:84514974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651875/; classtype:trojan-activity;sid:84514975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651876/; classtype:trojan-activity;sid:84514976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651867/; classtype:trojan-activity;sid:84514967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651868/; classtype:trojan-activity;sid:84514968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651869/; classtype:trojan-activity;sid:84514969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651870/; classtype:trojan-activity;sid:84514970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651871/; classtype:trojan-activity;sid:84514971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-04-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651873/; classtype:trojan-activity;sid:84514973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-12-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651866/; classtype:trojan-activity;sid:84514966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651865/; classtype:trojan-activity;sid:84514965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651861)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651861/; classtype:trojan-activity;sid:84514961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651862/; classtype:trojan-activity;sid:84514962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651863/; classtype:trojan-activity;sid:84514963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651864/; classtype:trojan-activity;sid:84514964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651859/; classtype:trojan-activity;sid:84514959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651860/; classtype:trojan-activity;sid:84514960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651857/; classtype:trojan-activity;sid:84514957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-22/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651854/; classtype:trojan-activity;sid:84514954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651852/; classtype:trojan-activity;sid:84514952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651853/; classtype:trojan-activity;sid:84514953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651849/; classtype:trojan-activity;sid:84514949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651850/; classtype:trojan-activity;sid:84514950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-31/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651848/; classtype:trojan-activity;sid:84514948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651847/; classtype:trojan-activity;sid:84514947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651845/; classtype:trojan-activity;sid:84514945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651846/; classtype:trojan-activity;sid:84514946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651844)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651844/; classtype:trojan-activity;sid:84514944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651843/; classtype:trojan-activity;sid:84514943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651836/; classtype:trojan-activity;sid:84514936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651837/; classtype:trojan-activity;sid:84514937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651838)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651838/; classtype:trojan-activity;sid:84514938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651839/; classtype:trojan-activity;sid:84514939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651840/; classtype:trojan-activity;sid:84514940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651841)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651841/; classtype:trojan-activity;sid:84514941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651842/; classtype:trojan-activity;sid:84514942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651834/; classtype:trojan-activity;sid:84514934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-04-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651835/; classtype:trojan-activity;sid:84514935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651832/; classtype:trojan-activity;sid:84514932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651833/; classtype:trojan-activity;sid:84514933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651830/; classtype:trojan-activity;sid:84514930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-11-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651827/; classtype:trojan-activity;sid:84514927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651822)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651822/; classtype:trojan-activity;sid:84514922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651823/; classtype:trojan-activity;sid:84514923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651824/; classtype:trojan-activity;sid:84514924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-03-11/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651825/; classtype:trojan-activity;sid:84514925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651826/; classtype:trojan-activity;sid:84514926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-05-27/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651820/; classtype:trojan-activity;sid:84514920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651821/; classtype:trojan-activity;sid:84514921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651819/; classtype:trojan-activity;sid:84514919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651813)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651813/; classtype:trojan-activity;sid:84514913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651814)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-08-17/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651814/; classtype:trojan-activity;sid:84514914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651815)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651815/; classtype:trojan-activity;sid:84514915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651816)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651816/; classtype:trojan-activity;sid:84514916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651817)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-02-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651817/; classtype:trojan-activity;sid:84514917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651818/; classtype:trojan-activity;sid:84514918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651810)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651810/; classtype:trojan-activity;sid:84514910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651811/; classtype:trojan-activity;sid:84514911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651812)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-10-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651812/; classtype:trojan-activity;sid:84514912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651808)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-29/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651808/; classtype:trojan-activity;sid:84514908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651806/; classtype:trojan-activity;sid:84514906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651807)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-10-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651807/; classtype:trojan-activity;sid:84514907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651802/; classtype:trojan-activity;sid:84514902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651803)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-06-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651803/; classtype:trojan-activity;sid:84514903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-03/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651805/; classtype:trojan-activity;sid:84514905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651801/; classtype:trojan-activity;sid:84514901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-01-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651798/; classtype:trojan-activity;sid:84514898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651796)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651796/; classtype:trojan-activity;sid:84514896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651797)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-02-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651797/; classtype:trojan-activity;sid:84514897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651790/; classtype:trojan-activity;sid:84514890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651792)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-08-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651792/; classtype:trojan-activity;sid:84514892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651789)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168897/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651789/; classtype:trojan-activity;sid:84514889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651787)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651787/; classtype:trojan-activity;sid:84514887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651782)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-05-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651782/; classtype:trojan-activity;sid:84514882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651783/; classtype:trojan-activity;sid:84514883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651785/; classtype:trojan-activity;sid:84514885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651786)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651786/; classtype:trojan-activity;sid:84514886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651777)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/normal/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651777/; classtype:trojan-activity;sid:84514877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651778)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-06-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651778/; classtype:trojan-activity;sid:84514878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651780/; classtype:trojan-activity;sid:84514880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651781/; classtype:trojan-activity;sid:84514881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651774)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651774/; classtype:trojan-activity;sid:84514874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651775)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651775/; classtype:trojan-activity;sid:84514875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651776)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651776/; classtype:trojan-activity;sid:84514876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651770/; classtype:trojan-activity;sid:84514870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651771/; classtype:trojan-activity;sid:84514871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651772)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651772/; classtype:trojan-activity;sid:84514872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651773)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651773/; classtype:trojan-activity;sid:84514873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-11-11/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651768/; classtype:trojan-activity;sid:84514868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651769)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651769/; classtype:trojan-activity;sid:84514869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651766)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651766/; classtype:trojan-activity;sid:84514866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651767)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651767/; classtype:trojan-activity;sid:84514867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651763)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-03-15/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651763/; classtype:trojan-activity;sid:84514863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651764)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651764/; classtype:trojan-activity;sid:84514864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651761/; classtype:trojan-activity;sid:84514861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651762/; classtype:trojan-activity;sid:84514862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-10-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651755/; classtype:trojan-activity;sid:84514855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651756)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651756/; classtype:trojan-activity;sid:84514856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651757)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-31/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651757/; classtype:trojan-activity;sid:84514857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/sp/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651758/; classtype:trojan-activity;sid:84514858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651759/; classtype:trojan-activity;sid:84514859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651753/; classtype:trojan-activity;sid:84514853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651754)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651754/; classtype:trojan-activity;sid:84514854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651751/; classtype:trojan-activity;sid:84514851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651752)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651752/; classtype:trojan-activity;sid:84514852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651750/; classtype:trojan-activity;sid:84514850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651741)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651741/; classtype:trojan-activity;sid:84514841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651742)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651742/; classtype:trojan-activity;sid:84514842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651745)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651745/; classtype:trojan-activity;sid:84514845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-01-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651746/; classtype:trojan-activity;sid:84514846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651747)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651747/; classtype:trojan-activity;sid:84514847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pa/conting%c3%aancia/homologa%c3%a7%c3%a3o/info.zip"; http_uri; depth:95; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651748/; classtype:trojan-activity;sid:84514848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651740)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651740/; classtype:trojan-activity;sid:84514840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651734)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651734/; classtype:trojan-activity;sid:84514834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651735/; classtype:trojan-activity;sid:84514835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-08-28/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651736/; classtype:trojan-activity;sid:84514836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-31/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651737/; classtype:trojan-activity;sid:84514837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/info.zip"; http_uri; depth:76; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651738/; classtype:trojan-activity;sid:84514838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651739)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651739/; classtype:trojan-activity;sid:84514839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651730/; classtype:trojan-activity;sid:84514830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651731/; classtype:trojan-activity;sid:84514831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651732)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651732/; classtype:trojan-activity;sid:84514832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-02-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651729/; classtype:trojan-activity;sid:84514829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651728)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651728/; classtype:trojan-activity;sid:84514828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-12-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651726/; classtype:trojan-activity;sid:84514826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651727)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-01-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651727/; classtype:trojan-activity;sid:84514827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-12-23/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651725/; classtype:trojan-activity;sid:84514825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651720/; classtype:trojan-activity;sid:84514820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651721)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-08-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651721/; classtype:trojan-activity;sid:84514821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-18/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651722/; classtype:trojan-activity;sid:84514822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651724)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651724/; classtype:trojan-activity;sid:84514824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651717)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651717/; classtype:trojan-activity;sid:84514817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-08/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651718/; classtype:trojan-activity;sid:84514818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651716)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651716/; classtype:trojan-activity;sid:84514816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651715)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651715/; classtype:trojan-activity;sid:84514815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651713)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651713/; classtype:trojan-activity;sid:84514813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651714)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-11-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651714/; classtype:trojan-activity;sid:84514814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651710/; classtype:trojan-activity;sid:84514810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651711)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651711/; classtype:trojan-activity;sid:84514811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651709)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-20/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651709/; classtype:trojan-activity;sid:84514809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651707/; classtype:trojan-activity;sid:84514807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651708/; classtype:trojan-activity;sid:84514808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651705)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651705/; classtype:trojan-activity;sid:84514805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-18/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651706/; classtype:trojan-activity;sid:84514806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-06-27/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651699/; classtype:trojan-activity;sid:84514799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-12-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651700/; classtype:trojan-activity;sid:84514800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651701/; classtype:trojan-activity;sid:84514801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pb/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651702/; classtype:trojan-activity;sid:84514802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651703/; classtype:trojan-activity;sid:84514803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651695)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-07/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651695/; classtype:trojan-activity;sid:84514795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651696)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651696/; classtype:trojan-activity;sid:84514796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651697)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-05-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651697/; classtype:trojan-activity;sid:84514797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-15/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651693/; classtype:trojan-activity;sid:84514793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651694)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651694/; classtype:trojan-activity;sid:84514794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651691)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651691/; classtype:trojan-activity;sid:84514791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-17/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651692/; classtype:trojan-activity;sid:84514792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651686/; classtype:trojan-activity;sid:84514786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651687)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651687/; classtype:trojan-activity;sid:84514787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651688)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651688/; classtype:trojan-activity;sid:84514788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651689/; classtype:trojan-activity;sid:84514789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651690/; classtype:trojan-activity;sid:84514790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651685)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-07-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651685/; classtype:trojan-activity;sid:84514785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651682/; classtype:trojan-activity;sid:84514782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-04-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651683/; classtype:trojan-activity;sid:84514783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651684)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651684/; classtype:trojan-activity;sid:84514784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651681/; classtype:trojan-activity;sid:84514781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651680)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651680/; classtype:trojan-activity;sid:84514780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651679)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651679/; classtype:trojan-activity;sid:84514779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-03-14/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651678/; classtype:trojan-activity;sid:84514778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651675)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651675/; classtype:trojan-activity;sid:84514775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651676/; classtype:trojan-activity;sid:84514776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651677/; classtype:trojan-activity;sid:84514777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651668)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-03-22/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651668/; classtype:trojan-activity;sid:84514768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/conting%c3%aancia/info.zip"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651669/; classtype:trojan-activity;sid:84514769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651670/; classtype:trojan-activity;sid:84514770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651671)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651671/; classtype:trojan-activity;sid:84514771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651667/; classtype:trojan-activity;sid:84514767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651663)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651663/; classtype:trojan-activity;sid:84514763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651664/; classtype:trojan-activity;sid:84514764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651665/; classtype:trojan-activity;sid:84514765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651666)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651666/; classtype:trojan-activity;sid:84514766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-02-23/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651656/; classtype:trojan-activity;sid:84514756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651657/; classtype:trojan-activity;sid:84514757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651658)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-12/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651658/; classtype:trojan-activity;sid:84514758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651659)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651659/; classtype:trojan-activity;sid:84514759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651661)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651661/; classtype:trojan-activity;sid:84514761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651650/; classtype:trojan-activity;sid:84514750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651651)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-06-24/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651651/; classtype:trojan-activity;sid:84514751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-09/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651652/; classtype:trojan-activity;sid:84514752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651653)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-05-10/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651653/; classtype:trojan-activity;sid:84514753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651654)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651654/; classtype:trojan-activity;sid:84514754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651645)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651645/; classtype:trojan-activity;sid:84514745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651646)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-11/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651646/; classtype:trojan-activity;sid:84514746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-09-29/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651647/; classtype:trojan-activity;sid:84514747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651648)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651648/; classtype:trojan-activity;sid:84514748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651649/; classtype:trojan-activity;sid:84514749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651639)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651639/; classtype:trojan-activity;sid:84514739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651640/; classtype:trojan-activity;sid:84514740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651641)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-02/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651641/; classtype:trojan-activity;sid:84514741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651642)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651642/; classtype:trojan-activity;sid:84514742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651643/; classtype:trojan-activity;sid:84514743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-05-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651644/; classtype:trojan-activity;sid:84514744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651632)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651632/; classtype:trojan-activity;sid:84514732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-07-16/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651633/; classtype:trojan-activity;sid:84514733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651634)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651634/; classtype:trojan-activity;sid:84514734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-01-19/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651635/; classtype:trojan-activity;sid:84514735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651637/; classtype:trojan-activity;sid:84514737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651638/; classtype:trojan-activity;sid:84514738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651629)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651629/; classtype:trojan-activity;sid:84514729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2025-06-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651630/; classtype:trojan-activity;sid:84514730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651631)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-02-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651631/; classtype:trojan-activity;sid:84514731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651628)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-09-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651628/; classtype:trojan-activity;sid:84514728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-04-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651622/; classtype:trojan-activity;sid:84514722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-07-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651623/; classtype:trojan-activity;sid:84514723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651624)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651624/; classtype:trojan-activity;sid:84514724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-04-05/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651625/; classtype:trojan-activity;sid:84514725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651627)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-14/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651627/; classtype:trojan-activity;sid:84514727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651621)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-21/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651621/; classtype:trojan-activity;sid:84514721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651619)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-08-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651619/; classtype:trojan-activity;sid:84514719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651617)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651617/; classtype:trojan-activity;sid:84514717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651616)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-17/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651616/; classtype:trojan-activity;sid:84514716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651615)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-05-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651615/; classtype:trojan-activity;sid:84514715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651614)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651614/; classtype:trojan-activity;sid:84514714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-03-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651613/; classtype:trojan-activity;sid:84514713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-03-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651611/; classtype:trojan-activity;sid:84514711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651608)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651608/; classtype:trojan-activity;sid:84514708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-01-29/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651609/; classtype:trojan-activity;sid:84514709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651605)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651605/; classtype:trojan-activity;sid:84514705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651603)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651603/; classtype:trojan-activity;sid:84514703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651604/; classtype:trojan-activity;sid:84514704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651599)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651599/; classtype:trojan-activity;sid:84514699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651600/; classtype:trojan-activity;sid:84514700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651601)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-11-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651601/; classtype:trojan-activity;sid:84514701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651602)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-04-14/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651602/; classtype:trojan-activity;sid:84514702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-11-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651591/; classtype:trojan-activity;sid:84514691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651592/; classtype:trojan-activity;sid:84514692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651593)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2021-07-07/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651593/; classtype:trojan-activity;sid:84514693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-10-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651594/; classtype:trojan-activity;sid:84514694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-13/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651595/; classtype:trojan-activity;sid:84514695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651588)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-08-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651588/; classtype:trojan-activity;sid:84514688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651589)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/ma/conting%c3%aancia/produ%c3%a7%c3%a3o/info.zip"; http_uri; depth:92; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651589/; classtype:trojan-activity;sid:84514689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-23/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651590/; classtype:trojan-activity;sid:84514690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651583)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651583/; classtype:trojan-activity;sid:84514683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651584)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651584/; classtype:trojan-activity;sid:84514684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-03-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651585/; classtype:trojan-activity;sid:84514685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-22/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651586/; classtype:trojan-activity;sid:84514686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651582)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651582/; classtype:trojan-activity;sid:84514682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651580)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-04-26/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651580/; classtype:trojan-activity;sid:84514680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651581)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-09/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651581/; classtype:trojan-activity;sid:84514681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651579)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-04-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651579/; classtype:trojan-activity;sid:84514679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-12/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651577/; classtype:trojan-activity;sid:84514677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651578)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-09-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651578/; classtype:trojan-activity;sid:84514678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-08-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651573/; classtype:trojan-activity;sid:84514673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-05/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651574/; classtype:trojan-activity;sid:84514674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-10/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651575/; classtype:trojan-activity;sid:84514675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-04-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651576/; classtype:trojan-activity;sid:84514676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651570)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651570/; classtype:trojan-activity;sid:84514670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-03-06/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651571/; classtype:trojan-activity;sid:84514671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-08-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651567/; classtype:trojan-activity;sid:84514667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-04-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651568/; classtype:trojan-activity;sid:84514668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-05-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651565/; classtype:trojan-activity;sid:84514665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651566)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651566/; classtype:trojan-activity;sid:84514666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651564)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651564/; classtype:trojan-activity;sid:84514664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-05-30/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651562/; classtype:trojan-activity;sid:84514662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651563)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-23/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651563/; classtype:trojan-activity;sid:84514663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651560)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-05-01/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651560/; classtype:trojan-activity;sid:84514660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-15/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651561/; classtype:trojan-activity;sid:84514661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-10-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651558/; classtype:trojan-activity;sid:84514658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651559)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-02-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651559/; classtype:trojan-activity;sid:84514659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651553)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-15/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651553/; classtype:trojan-activity;sid:84514653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-16/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651554/; classtype:trojan-activity;sid:84514654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651555)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651555/; classtype:trojan-activity;sid:84514655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651557)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-01-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651557/; classtype:trojan-activity;sid:84514657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651548)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-02-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651548/; classtype:trojan-activity;sid:84514648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-04/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651549/; classtype:trojan-activity;sid:84514649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170596/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651550/; classtype:trojan-activity;sid:84514650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651551/; classtype:trojan-activity;sid:84514651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-03-27/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651552/; classtype:trojan-activity;sid:84514652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651545)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651545/; classtype:trojan-activity;sid:84514645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651546)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-02/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651546/; classtype:trojan-activity;sid:84514646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651539)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000162/consulta%20geral/2025-04-24/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651539/; classtype:trojan-activity;sid:84514639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651542)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-25/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651542/; classtype:trojan-activity;sid:84514642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000596/consulta%20geral/2025-01-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651544/; classtype:trojan-activity;sid:84514644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000405/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651532/; classtype:trojan-activity;sid:84514632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-16/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651533/; classtype:trojan-activity;sid:84514633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651534)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651534/; classtype:trojan-activity;sid:84514634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2023-07-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651535/; classtype:trojan-activity;sid:84514635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651536)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000324/consulta%20geral/2025-02-08/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651536/; classtype:trojan-activity;sid:84514636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651530)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-12-05/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651530/; classtype:trojan-activity;sid:84514630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651531)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-24/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651531/; classtype:trojan-activity;sid:84514631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651529/; classtype:trojan-activity;sid:84514629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651526)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/02589791000677/consulta%20geral/2025-02-28/info.zip"; http_uri; depth:87; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651526/; classtype:trojan-activity;sid:84514626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651525)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-02-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651525/; classtype:trojan-activity;sid:84514625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651524)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/pe/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651524/; classtype:trojan-activity;sid:84514624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-01-26/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651521/; classtype:trojan-activity;sid:84514621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651522)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-11-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651522/; classtype:trojan-activity;sid:84514622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651523)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-11-12/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651523/; classtype:trojan-activity;sid:84514623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-05-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651520/; classtype:trojan-activity;sid:84514620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651519/; classtype:trojan-activity;sid:84514619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651516/; classtype:trojan-activity;sid:84514616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651518)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2025-04-09/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651518/; classtype:trojan-activity;sid:84514618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651515)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-04-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651515/; classtype:trojan-activity;sid:84514615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651512/; classtype:trojan-activity;sid:84514612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2023-11-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651513/; classtype:trojan-activity;sid:84514613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-02-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651514/; classtype:trojan-activity;sid:84514614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651511)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-09-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651511/; classtype:trojan-activity;sid:84514611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651509)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2020-09-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651509/; classtype:trojan-activity;sid:84514609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651510)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651510/; classtype:trojan-activity;sid:84514610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651506/; classtype:trojan-activity;sid:84514606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651507)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-18/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651507/; classtype:trojan-activity;sid:84514607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-08-26/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651508/; classtype:trojan-activity;sid:84514608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651504/; classtype:trojan-activity;sid:84514604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651505)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2022-03-14/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651505/; classtype:trojan-activity;sid:84514605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651502)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-12-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651502/; classtype:trojan-activity;sid:84514602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-05-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651503/; classtype:trojan-activity;sid:84514603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651494)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651494/; classtype:trojan-activity;sid:84514594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651481)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651481/; classtype:trojan-activity;sid:84514581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651480)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651480/; classtype:trojan-activity;sid:84514580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651477)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651477/; classtype:trojan-activity;sid:84514577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651476)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651476/; classtype:trojan-activity;sid:84514576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651475)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651475/; classtype:trojan-activity;sid:84514575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651461)"; flow:established,from_client; content:"GET"; http_method; content:"/envifa.vbs"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"2seguro2025.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651461/; classtype:trojan-activity;sid:84514561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651462)"; flow:established,from_client; content:"GET"; http_method; content:"/sostener2.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"2seguro2025.duckdns.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2025_10_04; reference:url, urlhaus.abuse.ch/url/3651462/; classtype:trojan-activity;sid:84514562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651304)"; flow:established,from_client; content:"GET"; http_method; content:"/download/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"47.104.31.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651304/; classtype:trojan-activity;sid:84514404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651202)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.59.134.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651202/; classtype:trojan-activity;sid:84514302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651195)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566431/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651195/; classtype:trojan-activity;sid:84514295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225745/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651183/; classtype:trojan-activity;sid:84514283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651168/; classtype:trojan-activity;sid:84514268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651169/; classtype:trojan-activity;sid:84514269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171472/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651167/; classtype:trojan-activity;sid:84514267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651165/; classtype:trojan-activity;sid:84514265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651160/; classtype:trojan-activity;sid:84514260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165772/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651151/; classtype:trojan-activity;sid:84514251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-20/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651149/; classtype:trojan-activity;sid:84514249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170922/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651139/; classtype:trojan-activity;sid:84514239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651135/; classtype:trojan-activity;sid:84514235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171064/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651136/; classtype:trojan-activity;sid:84514236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603095/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651125/; classtype:trojan-activity;sid:84514225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-12-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651099/; classtype:trojan-activity;sid:84514199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651097)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.56.227.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651097/; classtype:trojan-activity;sid:84514197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651095)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171016/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651095/; classtype:trojan-activity;sid:84514195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-07-06/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651092/; classtype:trojan-activity;sid:84514192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000253230/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651090/; classtype:trojan-activity;sid:84514190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171252/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651088/; classtype:trojan-activity;sid:84514188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651084)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"132.247.103.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651084/; classtype:trojan-activity;sid:84514184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000189793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651078/; classtype:trojan-activity;sid:84514178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651076)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"77.172.14.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651076/; classtype:trojan-activity;sid:84514176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651077)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-04-30/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651077/; classtype:trojan-activity;sid:84514177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651075)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.36.80.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651075/; classtype:trojan-activity;sid:84514175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604320/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651071/; classtype:trojan-activity;sid:84514171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-05-31/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651061/; classtype:trojan-activity;sid:84514161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-12-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651056/; classtype:trojan-activity;sid:84514156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651044/; classtype:trojan-activity;sid:84514144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651041/; classtype:trojan-activity;sid:84514141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-01-13/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651037/; classtype:trojan-activity;sid:84514137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2023-11-09/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651022/; classtype:trojan-activity;sid:84514122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651020/; classtype:trojan-activity;sid:84514120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651016)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000186186/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651016/; classtype:trojan-activity;sid:84514116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164262/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651012/; classtype:trojan-activity;sid:84514112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651015/; classtype:trojan-activity;sid:84514115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651011/; classtype:trojan-activity;sid:84514111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3651006)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3651006/; classtype:trojan-activity;sid:84514106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168881/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650998/; classtype:trojan-activity;sid:84514098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602407/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650995/; classtype:trojan-activity;sid:84514095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650993)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000626337/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650993/; classtype:trojan-activity;sid:84514093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2020-12-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650991/; classtype:trojan-activity;sid:84514091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000565438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650986/; classtype:trojan-activity;sid:84514086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650970)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650970/; classtype:trojan-activity;sid:84514070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000619269/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650968/; classtype:trojan-activity;sid:84514068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169465/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650963/; classtype:trojan-activity;sid:84514063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-01-23/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650961/; classtype:trojan-activity;sid:84514061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160983/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650959/; classtype:trojan-activity;sid:84514059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179610/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650958/; classtype:trojan-activity;sid:84514058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165004/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650955/; classtype:trojan-activity;sid:84514055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650943/; classtype:trojan-activity;sid:84514043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000589083/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650940/; classtype:trojan-activity;sid:84514040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650939)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169469/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650939/; classtype:trojan-activity;sid:84514039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167445/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650934/; classtype:trojan-activity;sid:84514034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000608221/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650928/; classtype:trojan-activity;sid:84514028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650924)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168559/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650924/; classtype:trojan-activity;sid:84514024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650915)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000767154/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650915/; classtype:trojan-activity;sid:84514015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169966/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650912/; classtype:trojan-activity;sid:84514012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650913/; classtype:trojan-activity;sid:84514013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625892/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650902/; classtype:trojan-activity;sid:84514002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/app_error/info.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650900/; classtype:trojan-activity;sid:84514000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650887/; classtype:trojan-activity;sid:84513987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650884/; classtype:trojan-activity;sid:84513984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171986/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650886/; classtype:trojan-activity;sid:84513986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650880/; classtype:trojan-activity;sid:84513980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765366/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650881/; classtype:trojan-activity;sid:84513981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604319/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650870/; classtype:trojan-activity;sid:84513970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171330/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650868/; classtype:trojan-activity;sid:84513968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621738/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650856/; classtype:trojan-activity;sid:84513956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165010/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650855/; classtype:trojan-activity;sid:84513955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650851)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.203.254.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650851/; classtype:trojan-activity;sid:84513951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168303/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650850/; classtype:trojan-activity;sid:84513950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650846)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"68.148.10.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650846/; classtype:trojan-activity;sid:84513946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2021-04-01/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650828/; classtype:trojan-activity;sid:84513928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-05/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650824/; classtype:trojan-activity;sid:84513924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000391039/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650820/; classtype:trojan-activity;sid:84513920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650817)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"82.67.39.194"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650817/; classtype:trojan-activity;sid:84513917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650818)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000574637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650818/; classtype:trojan-activity;sid:84513918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650811)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"189.61.50.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650811/; classtype:trojan-activity;sid:84513911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650810)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"64.234.95.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650810/; classtype:trojan-activity;sid:84513910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650806)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/normal/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650806/; classtype:trojan-activity;sid:84513906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601712/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650791/; classtype:trojan-activity;sid:84513891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-25/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650781/; classtype:trojan-activity;sid:84513881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650779)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650779/; classtype:trojan-activity;sid:84513879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650770)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650770/; classtype:trojan-activity;sid:84513870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650768/; classtype:trojan-activity;sid:84513868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650748)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000631756/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650748/; classtype:trojan-activity;sid:84513848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-04-15/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650746/; classtype:trojan-activity;sid:84513846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167557/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650744/; classtype:trojan-activity;sid:84513844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650735)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000232287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650735/; classtype:trojan-activity;sid:84513835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650729)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000607873/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650729/; classtype:trojan-activity;sid:84513829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650726)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166887/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650726/; classtype:trojan-activity;sid:84513826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650720)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162883/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650720/; classtype:trojan-activity;sid:84513820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650719)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680913/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650719/; classtype:trojan-activity;sid:84513819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650718)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650718/; classtype:trojan-activity;sid:84513818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167443/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650712/; classtype:trojan-activity;sid:84513812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650711)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.177.204.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650711/; classtype:trojan-activity;sid:84513811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650708)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650708/; classtype:trojan-activity;sid:84513808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650703)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650703/; classtype:trojan-activity;sid:84513803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-01-14/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650701/; classtype:trojan-activity;sid:84513801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166105/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650693/; classtype:trojan-activity;sid:84513793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650690/; classtype:trojan-activity;sid:84513790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650689/; classtype:trojan-activity;sid:84513789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-10-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650686/; classtype:trojan-activity;sid:84513786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650687)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.35.55.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650687/; classtype:trojan-activity;sid:84513787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650683)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165072/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650683/; classtype:trojan-activity;sid:84513783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650678)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000457040/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650678/; classtype:trojan-activity;sid:84513778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650679)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.8.164.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650679/; classtype:trojan-activity;sid:84513779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650676)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000218874/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650676/; classtype:trojan-activity;sid:84513776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650667)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171556/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650667/; classtype:trojan-activity;sid:84513767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650664)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224647/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650664/; classtype:trojan-activity;sid:84513764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650665)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165656/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650665/; classtype:trojan-activity;sid:84513765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650655/; classtype:trojan-activity;sid:84513755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650650)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650650/; classtype:trojan-activity;sid:84513750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650652)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-12-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650652/; classtype:trojan-activity;sid:84513752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650649)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171224/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650649/; classtype:trojan-activity;sid:84513749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650643)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"220.89.164.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650643/; classtype:trojan-activity;sid:84513743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650640)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000187451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650640/; classtype:trojan-activity;sid:84513740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650638)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170836/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650638/; classtype:trojan-activity;sid:84513738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650633)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650633/; classtype:trojan-activity;sid:84513733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171296/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650622/; classtype:trojan-activity;sid:84513722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650616)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"88.28.218.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650616/; classtype:trojan-activity;sid:84513716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650611)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/info.zip"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650611/; classtype:trojan-activity;sid:84513711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650609)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650609/; classtype:trojan-activity;sid:84513709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-06-19/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650600/; classtype:trojan-activity;sid:84513700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650598)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650598/; classtype:trojan-activity;sid:84513698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650596)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650596/; classtype:trojan-activity;sid:84513696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650595)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650595/; classtype:trojan-activity;sid:84513695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650594)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-01-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650594/; classtype:trojan-activity;sid:84513694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650591)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650591/; classtype:trojan-activity;sid:84513691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650588)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"156.200.99.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650588/; classtype:trojan-activity;sid:84513688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650585)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650585/; classtype:trojan-activity;sid:84513685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650586)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168287/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650586/; classtype:trojan-activity;sid:84513686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650575)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585436/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650575/; classtype:trojan-activity;sid:84513675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171288/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650573/; classtype:trojan-activity;sid:84513673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650570)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.224.205.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650570/; classtype:trojan-activity;sid:84513670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000176793/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650568/; classtype:trojan-activity;sid:84513668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650569)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213545/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650569/; classtype:trojan-activity;sid:84513669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650565)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650565/; classtype:trojan-activity;sid:84513665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167437/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650561/; classtype:trojan-activity;sid:84513661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650554)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606633/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650554/; classtype:trojan-activity;sid:84513654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167071/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650551/; classtype:trojan-activity;sid:84513651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650550)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-06-03/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650550/; classtype:trojan-activity;sid:84513650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172576/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650549/; classtype:trojan-activity;sid:84513649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650541)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/info.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650541/; classtype:trojan-activity;sid:84513641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650535)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-10-23/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650535/; classtype:trojan-activity;sid:84513635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650529)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171304/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650529/; classtype:trojan-activity;sid:84513629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650528/; classtype:trojan-activity;sid:84513628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650520)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-11-04/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650520/; classtype:trojan-activity;sid:84513620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650519)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650519/; classtype:trojan-activity;sid:84513619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650516)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-02-16/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650516/; classtype:trojan-activity;sid:84513616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650513)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-11-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650513/; classtype:trojan-activity;sid:84513613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650512)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166971/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650512/; classtype:trojan-activity;sid:84513612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650508)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164808/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650508/; classtype:trojan-activity;sid:84513608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-06-03/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650503/; classtype:trojan-activity;sid:84513603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650504)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170482/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650504/; classtype:trojan-activity;sid:84513604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650506)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165644/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650506/; classtype:trojan-activity;sid:84513606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650493)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264706/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650493/; classtype:trojan-activity;sid:84513593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650494)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562134/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650494/; classtype:trojan-activity;sid:84513594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000680914/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650498/; classtype:trojan-activity;sid:84513598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650499)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650499/; classtype:trojan-activity;sid:84513599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650492)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"72.132.64.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650492/; classtype:trojan-activity;sid:84513592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650491)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-28/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650491/; classtype:trojan-activity;sid:84513591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650482)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165020/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650482/; classtype:trojan-activity;sid:84513582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650483/; classtype:trojan-activity;sid:84513583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650480)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171284/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650480/; classtype:trojan-activity;sid:84513580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650473)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.179.225.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650473/; classtype:trojan-activity;sid:84513573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650472)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604651/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650472/; classtype:trojan-activity;sid:84513572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650467)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650467/; classtype:trojan-activity;sid:84513567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650465)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166079/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650465/; classtype:trojan-activity;sid:84513565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650461)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650461/; classtype:trojan-activity;sid:84513561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650457)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601171/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650457/; classtype:trojan-activity;sid:84513557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650454)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2024-01-02/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650454/; classtype:trojan-activity;sid:84513554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650450)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000159804/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650450/; classtype:trojan-activity;sid:84513550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650443)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650443/; classtype:trojan-activity;sid:84513543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650441)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650441/; classtype:trojan-activity;sid:84513541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650442)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.8.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650442/; classtype:trojan-activity;sid:84513542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650439)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170516/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650439/; classtype:trojan-activity;sid:84513539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650431)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000163666/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650431/; classtype:trojan-activity;sid:84513531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650430)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000601753/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650430/; classtype:trojan-activity;sid:84513530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650423)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629919/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650423/; classtype:trojan-activity;sid:84513523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650422)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000263120/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650422/; classtype:trojan-activity;sid:84513522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650412)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237372/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650412/; classtype:trojan-activity;sid:84513512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650413)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"50.65.169.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650413/; classtype:trojan-activity;sid:84513513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-10-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650397/; classtype:trojan-activity;sid:84513497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650390)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000555505/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650390/; classtype:trojan-activity;sid:84513490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650388)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2021-05-19/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650388/; classtype:trojan-activity;sid:84513488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650386)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169865/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650386/; classtype:trojan-activity;sid:84513486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650383)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650383/; classtype:trojan-activity;sid:84513483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650381)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171312/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650381/; classtype:trojan-activity;sid:84513481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650374)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169769/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650374/; classtype:trojan-activity;sid:84513474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650364)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000573133/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650364/; classtype:trojan-activity;sid:84513464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606636/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650366/; classtype:trojan-activity;sid:84513466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650371)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650371/; classtype:trojan-activity;sid:84513471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650373)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"37.34.230.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650373/; classtype:trojan-activity;sid:84513473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650362)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650362/; classtype:trojan-activity;sid:84513462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650358)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170378/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650358/; classtype:trojan-activity;sid:84513458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650351)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"71.198.110.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650351/; classtype:trojan-activity;sid:84513451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650348)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160995/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650348/; classtype:trojan-activity;sid:84513448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650347)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-11-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650347/; classtype:trojan-activity;sid:84513447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650343)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.43.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650343/; classtype:trojan-activity;sid:84513443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650337)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168278/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650337/; classtype:trojan-activity;sid:84513437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170774/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650338/; classtype:trojan-activity;sid:84513438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650340)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633210/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650340/; classtype:trojan-activity;sid:84513440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650331)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224648/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650331/; classtype:trojan-activity;sid:84513431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165504/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650332/; classtype:trojan-activity;sid:84513432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650325)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604442/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650325/; classtype:trojan-activity;sid:84513425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650327)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-09-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650327/; classtype:trojan-activity;sid:84513427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650319)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"138.36.2.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650319/; classtype:trojan-activity;sid:84513419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650307)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.89.102.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650307/; classtype:trojan-activity;sid:84513407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650299)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.193.105.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650299/; classtype:trojan-activity;sid:84513399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650300)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650300/; classtype:trojan-activity;sid:84513400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650276)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650276/; classtype:trojan-activity;sid:84513376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650270)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169947/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650270/; classtype:trojan-activity;sid:84513370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650271)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165200/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650271/; classtype:trojan-activity;sid:84513371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650269)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/consulta%20n%c3%a3o%20encerrado/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650269/; classtype:trojan-activity;sid:84513369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650263)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650263/; classtype:trojan-activity;sid:84513363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650259)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/eventos/2021-02-16/info.zip"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650259/; classtype:trojan-activity;sid:84513359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650258)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168295/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650258/; classtype:trojan-activity;sid:84513358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650253)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585560/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650253/; classtype:trojan-activity;sid:84513353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650251)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-29/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650251/; classtype:trojan-activity;sid:84513351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650244)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604650/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650244/; classtype:trojan-activity;sid:84513344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604662/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650243/; classtype:trojan-activity;sid:84513343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650222)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650222/; classtype:trojan-activity;sid:84513322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650215)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162637/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650215/; classtype:trojan-activity;sid:84513315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650214)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600441/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650214/; classtype:trojan-activity;sid:84513314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650213)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584368/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650213/; classtype:trojan-activity;sid:84513313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650201)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650201/; classtype:trojan-activity;sid:84513301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650196)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-11-28/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650196/; classtype:trojan-activity;sid:84513296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650193)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.209.67.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650193/; classtype:trojan-activity;sid:84513293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650191)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000179593/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650191/; classtype:trojan-activity;sid:84513291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2019-12-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650181/; classtype:trojan-activity;sid:84513281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-06-03/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650178/; classtype:trojan-activity;sid:84513278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000222522/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650170/; classtype:trojan-activity;sid:84513270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166869/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650162/; classtype:trojan-activity;sid:84513262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566150/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650160/; classtype:trojan-activity;sid:84513260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546495/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650161/; classtype:trojan-activity;sid:84513261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164138/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650146/; classtype:trojan-activity;sid:84513246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-22/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650138/; classtype:trojan-activity;sid:84513238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170520/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650130/; classtype:trojan-activity;sid:84513230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-10-19/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650129/; classtype:trojan-activity;sid:84513229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171256/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650127/; classtype:trojan-activity;sid:84513227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172428/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650123/; classtype:trojan-activity;sid:84513223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553463/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650122/; classtype:trojan-activity;sid:84513222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-14/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650117/; classtype:trojan-activity;sid:84513217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165900/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650118/; classtype:trojan-activity;sid:84513218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566395/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650112/; classtype:trojan-activity;sid:84513212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171314/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650107/; classtype:trojan-activity;sid:84513207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650104/; classtype:trojan-activity;sid:84513204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171298/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650093/; classtype:trojan-activity;sid:84513193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168275/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650092/; classtype:trojan-activity;sid:84513192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-11-24/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650082/; classtype:trojan-activity;sid:84513182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166259/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650079/; classtype:trojan-activity;sid:84513179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165824/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650078/; classtype:trojan-activity;sid:84513178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650071)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650071/; classtype:trojan-activity;sid:84513171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600293/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650067/; classtype:trojan-activity;sid:84513167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567166/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650058/; classtype:trojan-activity;sid:84513158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650061)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.95.233.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650061/; classtype:trojan-activity;sid:84513161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-08-25/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650056/; classtype:trojan-activity;sid:84513156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567145/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650051/; classtype:trojan-activity;sid:84513151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2022-05-04/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650047/; classtype:trojan-activity;sid:84513147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-03-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650048/; classtype:trojan-activity;sid:84513148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650044)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"111.235.143.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650044/; classtype:trojan-activity;sid:84513144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-08-19/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650038/; classtype:trojan-activity;sid:84513138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650036/; classtype:trojan-activity;sid:84513136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169473/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650028/; classtype:trojan-activity;sid:84513128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171454/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650026/; classtype:trojan-activity;sid:84513126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170532/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650023/; classtype:trojan-activity;sid:84513123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543689/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650004/; classtype:trojan-activity;sid:84513104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3650001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000633209/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3650001/; classtype:trojan-activity;sid:84513101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000546233/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649996/; classtype:trojan-activity;sid:84513096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173466/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649995/; classtype:trojan-activity;sid:84513095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585575/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649992/; classtype:trojan-activity;sid:84513092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2020-10-19/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649985/; classtype:trojan-activity;sid:84513085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171194/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649986/; classtype:trojan-activity;sid:84513086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172163/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649987/; classtype:trojan-activity;sid:84513087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649984)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"160.202.15.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649984/; classtype:trojan-activity;sid:84513084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586961/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649980/; classtype:trojan-activity;sid:84513080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649981)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000609592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649981/; classtype:trojan-activity;sid:84513081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649975)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"27.72.159.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649975/; classtype:trojan-activity;sid:84513075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649968)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"107.128.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649968/; classtype:trojan-activity;sid:84513068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-02-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649961/; classtype:trojan-activity;sid:84513061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172788/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649959/; classtype:trojan-activity;sid:84513059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000237371/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649956/; classtype:trojan-activity;sid:84513056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552709/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649952/; classtype:trojan-activity;sid:84513052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649944/; classtype:trojan-activity;sid:84513044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000683761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649943/; classtype:trojan-activity;sid:84513043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567164/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649932/; classtype:trojan-activity;sid:84513032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171888/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649930/; classtype:trojan-activity;sid:84513030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165116/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649931/; classtype:trojan-activity;sid:84513031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000208170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649923/; classtype:trojan-activity;sid:84513023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000264645/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649919/; classtype:trojan-activity;sid:84513019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2022-08-19/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649914/; classtype:trojan-activity;sid:84513014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171458/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649910/; classtype:trojan-activity;sid:84513010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000617432/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649900/; classtype:trojan-activity;sid:84513000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-06/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649897/; classtype:trojan-activity;sid:84512997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-04-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649899/; classtype:trojan-activity;sid:84512999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649896)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624762/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649896/; classtype:trojan-activity;sid:84512996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265247/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649895/; classtype:trojan-activity;sid:84512995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165014/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649888/; classtype:trojan-activity;sid:84512988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649885/; classtype:trojan-activity;sid:84512985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168749/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649886/; classtype:trojan-activity;sid:84512986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172574/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649884/; classtype:trojan-activity;sid:84512984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167339/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649881/; classtype:trojan-activity;sid:84512981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000212326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649878/; classtype:trojan-activity;sid:84512978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603747/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649874/; classtype:trojan-activity;sid:84512974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649870)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000746890/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649870/; classtype:trojan-activity;sid:84512970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160628/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649867/; classtype:trojan-activity;sid:84512967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171452/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649868/; classtype:trojan-activity;sid:84512968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-06-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649869/; classtype:trojan-activity;sid:84512969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649865)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"75.42.36.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649865/; classtype:trojan-activity;sid:84512965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164253/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649864/; classtype:trojan-activity;sid:84512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000426237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649863/; classtype:trojan-activity;sid:84512963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649858/; classtype:trojan-activity;sid:84512958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649848)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-02/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649848/; classtype:trojan-activity;sid:84512948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649840/; classtype:trojan-activity;sid:84512940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170894/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649839/; classtype:trojan-activity;sid:84512939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649837)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"70.190.199.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649837/; classtype:trojan-activity;sid:84512937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649833/; classtype:trojan-activity;sid:84512933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649821)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649821/; classtype:trojan-activity;sid:84512921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649801)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000465109/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649801/; classtype:trojan-activity;sid:84512901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649790)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172568/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649790/; classtype:trojan-activity;sid:84512890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2021-07-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649788/; classtype:trojan-activity;sid:84512888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649783)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226537/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649783/; classtype:trojan-activity;sid:84512883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649780)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2022-02-16/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649780/; classtype:trojan-activity;sid:84512880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166135/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649771/; classtype:trojan-activity;sid:84512871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649768)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-06-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649768/; classtype:trojan-activity;sid:84512868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649762)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583935/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649762/; classtype:trojan-activity;sid:84512862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649761)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649761/; classtype:trojan-activity;sid:84512861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649751)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649751/; classtype:trojan-activity;sid:84512851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649744)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-08/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649744/; classtype:trojan-activity;sid:84512844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649738)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2024-07-06/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649738/; classtype:trojan-activity;sid:84512838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649730)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000557542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649730/; classtype:trojan-activity;sid:84512830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649731)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167115/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649731/; classtype:trojan-activity;sid:84512831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649707)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.61.160.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649707/; classtype:trojan-activity;sid:84512807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649699)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168301/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649699/; classtype:trojan-activity;sid:84512799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649701)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171474/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649701/; classtype:trojan-activity;sid:84512801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167423/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649692/; classtype:trojan-activity;sid:84512792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649685)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"87.249.142.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649685/; classtype:trojan-activity;sid:84512785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649682)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"222.252.31.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649682/; classtype:trojan-activity;sid:84512782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649681)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171702/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649681/; classtype:trojan-activity;sid:84512781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649677)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171468/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649677/; classtype:trojan-activity;sid:84512777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649676)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649676/; classtype:trojan-activity;sid:84512776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649673)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230418/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649673/; classtype:trojan-activity;sid:84512773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649674)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166739/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649674/; classtype:trojan-activity;sid:84512774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-21/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649672/; classtype:trojan-activity;sid:84512772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000552326/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649669/; classtype:trojan-activity;sid:84512769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649656)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-04-29/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649656/; classtype:trojan-activity;sid:84512756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169927/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649655/; classtype:trojan-activity;sid:84512755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649647)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000543908/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649647/; classtype:trojan-activity;sid:84512747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649643)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172094/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649643/; classtype:trojan-activity;sid:84512743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649644)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542543/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649644/; classtype:trojan-activity;sid:84512744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649635)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649635/; classtype:trojan-activity;sid:84512735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649622)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171302/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649622/; classtype:trojan-activity;sid:84512722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649626)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166801/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649626/; classtype:trojan-activity;sid:84512726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649613)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160981/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649613/; classtype:trojan-activity;sid:84512713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649607)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551812/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649607/; classtype:trojan-activity;sid:84512707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2023-03-10/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649590/; classtype:trojan-activity;sid:84512690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649576)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168299/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649576/; classtype:trojan-activity;sid:84512676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649577)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167451/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649577/; classtype:trojan-activity;sid:84512677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649573)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160619/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649573/; classtype:trojan-activity;sid:84512673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649574)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171294/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649574/; classtype:trojan-activity;sid:84512674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649572)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171316/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649572/; classtype:trojan-activity;sid:84512672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649567)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223168/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649567/; classtype:trojan-activity;sid:84512667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649556)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168281/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649556/; classtype:trojan-activity;sid:84512656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649549)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171358/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649549/; classtype:trojan-activity;sid:84512649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649551)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167601/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649551/; classtype:trojan-activity;sid:84512651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649552)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2024-06-06/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649552/; classtype:trojan-activity;sid:84512652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649544)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649544/; classtype:trojan-activity;sid:84512644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649546)"; flow:established,from_client; content:"GET"; http_method; content:"/aspnet_client/system_web/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649546/; classtype:trojan-activity;sid:84512646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649533)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166323/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649533/; classtype:trojan-activity;sid:84512633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649532)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000732234/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649532/; classtype:trojan-activity;sid:84512632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649528)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000223167/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649528/; classtype:trojan-activity;sid:84512628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649521)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000584370/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649521/; classtype:trojan-activity;sid:84512621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649517)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000583934/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649517/; classtype:trojan-activity;sid:84512617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649514)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165844/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649514/; classtype:trojan-activity;sid:84512614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649503)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165184/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649503/; classtype:trojan-activity;sid:84512603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649498)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/df/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649498/; classtype:trojan-activity;sid:84512598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649492)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168365/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649492/; classtype:trojan-activity;sid:84512592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649489)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-03-26/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649489/; classtype:trojan-activity;sid:84512589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649483)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000209999/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649483/; classtype:trojan-activity;sid:84512583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649468)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164122/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649468/; classtype:trojan-activity;sid:84512568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649459)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649459/; classtype:trojan-activity;sid:84512559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649455)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171854/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649455/; classtype:trojan-activity;sid:84512555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649440)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604321/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649440/; classtype:trojan-activity;sid:84512540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649424)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160615/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649424/; classtype:trojan-activity;sid:84512524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649418)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649418/; classtype:trojan-activity;sid:84512518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649416)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165250/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649416/; classtype:trojan-activity;sid:84512516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649414)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171286/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649414/; classtype:trojan-activity;sid:84512514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649411)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649411/; classtype:trojan-activity;sid:84512511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649406)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171402/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649406/; classtype:trojan-activity;sid:84512506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649397)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2021-05-08/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649397/; classtype:trojan-activity;sid:84512497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649395)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-08-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649395/; classtype:trojan-activity;sid:84512495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649392)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649392/; classtype:trojan-activity;sid:84512492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649389)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168553/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649389/; classtype:trojan-activity;sid:84512489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649391)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-08-22/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649391/; classtype:trojan-activity;sid:84512491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649387)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171462/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649387/; classtype:trojan-activity;sid:84512487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649385)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-12/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649385/; classtype:trojan-activity;sid:84512485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649382)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/info.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649382/; classtype:trojan-activity;sid:84512482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649379)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606635/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649379/; classtype:trojan-activity;sid:84512479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649377)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000238203/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649377/; classtype:trojan-activity;sid:84512477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649375)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2019-12-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649375/; classtype:trojan-activity;sid:84512475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649372)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171242/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649372/; classtype:trojan-activity;sid:84512472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649370)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649370/; classtype:trojan-activity;sid:84512470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649365)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171464/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649365/; classtype:trojan-activity;sid:84512465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649366)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-30/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649366/; classtype:trojan-activity;sid:84512466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649360)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171332/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649360/; classtype:trojan-activity;sid:84512460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649357)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166237/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649357/; classtype:trojan-activity;sid:84512457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649354)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165850/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649354/; classtype:trojan-activity;sid:84512454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649353)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000213544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649353/; classtype:trojan-activity;sid:84512453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649346)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000265246/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649346/; classtype:trojan-activity;sid:84512446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649341)"; flow:established,from_client; content:"GET"; http_method; content:"/blog/info.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"96.11.145.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649341/; classtype:trojan-activity;sid:84512441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649338)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-06-13/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649338/; classtype:trojan-activity;sid:84512438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649335)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000587212/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649335/; classtype:trojan-activity;sid:84512435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649332)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172165/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649332/; classtype:trojan-activity;sid:84512432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649329)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165794/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649329/; classtype:trojan-activity;sid:84512429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649326)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000173022/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649326/; classtype:trojan-activity;sid:84512426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649321)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/ct-e/distribui%c3%a7%c3%a3o/info.zip"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649321/; classtype:trojan-activity;sid:84512421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649323)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000677/2023-11-20/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649323/; classtype:trojan-activity;sid:84512423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649310)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566420/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649310/; classtype:trojan-activity;sid:84512410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649309)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567141/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649309/; classtype:trojan-activity;sid:84512409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649306)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000215215/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649306/; classtype:trojan-activity;sid:84512406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649303)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000562903/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649303/; classtype:trojan-activity;sid:84512403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649295)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000567162/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649295/; classtype:trojan-activity;sid:84512395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649278)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168063/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649278/; classtype:trojan-activity;sid:84512378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649250)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000558592/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649250/; classtype:trojan-activity;sid:84512350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649252)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2024-06-06/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649252/; classtype:trojan-activity;sid:84512352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649243)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-21/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649243/; classtype:trojan-activity;sid:84512343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649242)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171090/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649242/; classtype:trojan-activity;sid:84512342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649193)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600544/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649193/; classtype:trojan-activity;sid:84512293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165480/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649189/; classtype:trojan-activity;sid:84512289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000564863/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649180/; classtype:trojan-activity;sid:84512280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000162652/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649173/; classtype:trojan-activity;sid:84512273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166657/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649158/; classtype:trojan-activity;sid:84512258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625429/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649149/; classtype:trojan-activity;sid:84512249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600309/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649145/; classtype:trojan-activity;sid:84512245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556239/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649143/; classtype:trojan-activity;sid:84512243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000765367/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649144/; classtype:trojan-activity;sid:84512244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625325/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649142/; classtype:trojan-activity;sid:84512242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2021-11-14/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649137/; classtype:trojan-activity;sid:84512237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/9929/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649135/; classtype:trojan-activity;sid:84512235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649130/; classtype:trojan-activity;sid:84512230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/info.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649128/; classtype:trojan-activity;sid:84512228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168297/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649124/; classtype:trojan-activity;sid:84512224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-07-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649120/; classtype:trojan-activity;sid:84512220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168387/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649118/; classtype:trojan-activity;sid:84512218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000606634/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649119/; classtype:trojan-activity;sid:84512219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000551813/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649110/; classtype:trojan-activity;sid:84512210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/consulta/2019-03-13/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649111/; classtype:trojan-activity;sid:84512211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164394/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649112/; classtype:trojan-activity;sid:84512212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166665/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649107/; classtype:trojan-activity;sid:84512207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000224583/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649108/; classtype:trojan-activity;sid:84512208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170506/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649099/; classtype:trojan-activity;sid:84512199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-01/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649092/; classtype:trojan-activity;sid:84512192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2022-03-09/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649089/; classtype:trojan-activity;sid:84512189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591279/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649084/; classtype:trojan-activity;sid:84512184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165248/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649080/; classtype:trojan-activity;sid:84512180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000225746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649078/; classtype:trojan-activity;sid:84512178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649061)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166183/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649061/; classtype:trojan-activity;sid:84512161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-05-07/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649062/; classtype:trojan-activity;sid:84512162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000616852/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649055/; classtype:trojan-activity;sid:84512155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-05/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649056/; classtype:trojan-activity;sid:84512156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/inutiliza%c3%a7%c3%a3o/2020-01-27/info.zip"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649050/; classtype:trojan-activity;sid:84512150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649043)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-18/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649043/; classtype:trojan-activity;sid:84512143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649033)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000170776/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649033/; classtype:trojan-activity;sid:84512133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160612/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649034/; classtype:trojan-activity;sid:84512134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649035)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2020-12-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649035/; classtype:trojan-activity;sid:84512135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649037/; classtype:trojan-activity;sid:84512137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171306/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649027/; classtype:trojan-activity;sid:84512127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160718/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649028/; classtype:trojan-activity;sid:84512128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604673/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649029/; classtype:trojan-activity;sid:84512129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-04-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649020/; classtype:trojan-activity;sid:84512120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164236/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649021/; classtype:trojan-activity;sid:84512121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171640/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649012/; classtype:trojan-activity;sid:84512112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3649003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000586305/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3649003/; classtype:trojan-activity;sid:84512103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648998)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/18296147000306/2024-08-07/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648998/; classtype:trojan-activity;sid:84512098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166851/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648995/; classtype:trojan-activity;sid:84512095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791001053/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648997/; classtype:trojan-activity;sid:84512097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553613/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648988/; classtype:trojan-activity;sid:84512088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172670/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648972/; classtype:trojan-activity;sid:84512072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000164510/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648973/; classtype:trojan-activity;sid:84512073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-16/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648964/; classtype:trojan-activity;sid:84512064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167219/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648966/; classtype:trojan-activity;sid:84512066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-05-02/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648960/; classtype:trojan-activity;sid:84512060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171308/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648957/; classtype:trojan-activity;sid:84512057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000556238/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648956/; classtype:trojan-activity;sid:84512056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171858/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648954/; classtype:trojan-activity;sid:84512054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/02589791000910/2023-12-21/info.zip"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648953/; classtype:trojan-activity;sid:84512053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648952)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160742/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648952/; classtype:trojan-activity;sid:84512052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648941)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000629918/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648941/; classtype:trojan-activity;sid:84512041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta%20nsu%20faltante/18296147000306/info.zip"; http_uri; depth:80; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648942/; classtype:trojan-activity;sid:84512042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/disponibilidade%20de%20servi%c3%a7o/es/info.zip"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648943/; classtype:trojan-activity;sid:84512043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566149/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648936/; classtype:trojan-activity;sid:84512036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168121/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648933/; classtype:trojan-activity;sid:84512033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165244/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648926/; classtype:trojan-activity;sid:84512026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648930/; classtype:trojan-activity;sid:84512030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-03-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648931/; classtype:trojan-activity;sid:84512031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000226538/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648921/; classtype:trojan-activity;sid:84512021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648912)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000201084/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648912/; classtype:trojan-activity;sid:84512012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-09-27/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648904/; classtype:trojan-activity;sid:84512004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168527/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648900/; classtype:trojan-activity;sid:84512000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2024-06-07/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648893/; classtype:trojan-activity;sid:84511993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648891)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167509/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648891/; classtype:trojan-activity;sid:84511991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648889)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171476/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648889/; classtype:trojan-activity;sid:84511989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168551/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648884/; classtype:trojan-activity;sid:84511984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165820/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648885/; classtype:trojan-activity;sid:84511985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000603104/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648886/; classtype:trojan-activity;sid:84511986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166085/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648872/; classtype:trojan-activity;sid:84511972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648877/; classtype:trojan-activity;sid:84511977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165486/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648868/; classtype:trojan-activity;sid:84511968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648858)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000169013/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648858/; classtype:trojan-activity;sid:84511958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160982/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648854/; classtype:trojan-activity;sid:84511954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000618093/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648852/; classtype:trojan-activity;sid:84511952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000165826/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648849/; classtype:trojan-activity;sid:84511949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000591547/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648832/; classtype:trojan-activity;sid:84511932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648828/; classtype:trojan-activity;sid:84511928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000621599/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648824/; classtype:trojan-activity;sid:84511924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171450/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648825/; classtype:trojan-activity;sid:84511925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648819)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166307/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648819/; classtype:trojan-activity;sid:84511919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648820)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-09-11/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648820/; classtype:trojan-activity;sid:84511920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648811)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171228/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648811/; classtype:trojan-activity;sid:84511911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648805)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171470/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648805/; classtype:trojan-activity;sid:84511905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648802)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172170/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648802/; classtype:trojan-activity;sid:84511902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648798)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000595439/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648798/; classtype:trojan-activity;sid:84511898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648791)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648791/; classtype:trojan-activity;sid:84511891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648788)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000625549/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648788/; classtype:trojan-activity;sid:84511888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648785)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2020-01-03/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648785/; classtype:trojan-activity;sid:84511885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648781)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168291/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648781/; classtype:trojan-activity;sid:84511881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648771)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171318/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648771/; classtype:trojan-activity;sid:84511871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648765)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-07-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648765/; classtype:trojan-activity;sid:84511865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648759)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/recep%c3%a7%c3%a3o/2019-05-08/info.zip"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648759/; classtype:trojan-activity;sid:84511859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648758)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000602408/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648758/; classtype:trojan-activity;sid:84511858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648753)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-01-14/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648753/; classtype:trojan-activity;sid:84511853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648755)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000553198/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648755/; classtype:trojan-activity;sid:84511855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648750)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172872/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648750/; classtype:trojan-activity;sid:84511850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648746)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648746/; classtype:trojan-activity;sid:84511846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648736)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-22/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648736/; classtype:trojan-activity;sid:84511836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648737)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160478/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648737/; classtype:trojan-activity;sid:84511837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648725)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000166243/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648725/; classtype:trojan-activity;sid:84511825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648722)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585561/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648722/; classtype:trojan-activity;sid:84511822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648712)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-06-04/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648712/; classtype:trojan-activity;sid:84511812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648710)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172746/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648710/; classtype:trojan-activity;sid:84511810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648707)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-11-12/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648707/; classtype:trojan-activity;sid:84511807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648706)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-05-09/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648706/; classtype:trojan-activity;sid:84511806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648700)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171310/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648700/; classtype:trojan-activity;sid:84511800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648702)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-08-08/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648702/; classtype:trojan-activity;sid:84511802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648698)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172292/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648698/; classtype:trojan-activity;sid:84511798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648693)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000542542/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648693/; classtype:trojan-activity;sid:84511793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648692)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000160618/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648692/; classtype:trojan-activity;sid:84511792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648689)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624761/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648689/; classtype:trojan-activity;sid:84511789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648690)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2025-01-06/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648690/; classtype:trojan-activity;sid:84511790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648686)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168329/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648686/; classtype:trojan-activity;sid:84511786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648682)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000167041/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648682/; classtype:trojan-activity;sid:84511782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648670)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624984/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648670/; classtype:trojan-activity;sid:84511770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648672)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000566430/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648672/; classtype:trojan-activity;sid:84511772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648669)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604501/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648669/; classtype:trojan-activity;sid:84511769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648655)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171438/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648655/; classtype:trojan-activity;sid:84511755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648657)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000230417/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648657/; classtype:trojan-activity;sid:84511757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648637)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000604491/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648637/; classtype:trojan-activity;sid:84511737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648630)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000585614/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648630/; classtype:trojan-activity;sid:84511730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648623)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/mdf-e/01/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648623/; classtype:trojan-activity;sid:84511723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648625)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/carta%20de%20corre%c3%a7%c3%a3o/2024-03-20/info.zip"; http_uri; depth:62; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648625/; classtype:trojan-activity;sid:84511725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648604)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2021-06-30/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648604/; classtype:trojan-activity;sid:84511704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648606)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2022-05-10/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648606/; classtype:trojan-activity;sid:84511706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648600)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/01/cancelamento/2019-03-26/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648600/; classtype:trojan-activity;sid:84511700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648592)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000168289/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648592/; classtype:trojan-activity;sid:84511692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648590)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171240/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648590/; classtype:trojan-activity;sid:84511690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648568)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000600290/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648568/; classtype:trojan-activity;sid:84511668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648571)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000172690/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648571/; classtype:trojan-activity;sid:84511671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648558)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000624763/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648558/; classtype:trojan-activity;sid:84511658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648561)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/manifesta%c3%a7%c3%a3o/consulta/02589791000758/2019-08-24/info.zip"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648561/; classtype:trojan-activity;sid:84511661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648562)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/td00000000000000171726/info.zip"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"177.70.102.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648562/; classtype:trojan-activity;sid:84511662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648527)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/info.zip"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648527/; classtype:trojan-activity;sid:84511627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648357)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/info.zip"; http_uri; depth:168; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648357/; classtype:trojan-activity;sid:84511457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648354)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/unused%20desktop%20shortcuts/info.zip"; http_uri; depth:161; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648354/; classtype:trojan-activity;sid:84511454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648213)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/downloads/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648213/; classtype:trojan-activity;sid:84511313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3648112)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/vinod982038189896/history/info.zip"; http_uri; depth:176; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3648112/; classtype:trojan-activity;sid:84511212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647826)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/raj%20sir/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647826/; classtype:trojan-activity;sid:84510926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647813)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/info.zip"; http_uri; depth:132; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647813/; classtype:trojan-activity;sid:84510913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647655)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/transchart/sail%20performa%20jan11/info.zip"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647655/; classtype:trojan-activity;sid:84510755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3647457)"; flow:established,from_client; content:"GET"; http_method; content:"/recipes/staging/a-89fb7017-7780-4b72-950d-c2db1146a34a.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"best10cdn.blob.core.windows.net"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3647457/; classtype:trojan-activity;sid:84510557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646414)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano/image.jpg|3f|12711343"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"ybgctdtbzvgpdxjivafy.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646414/; classtype:trojan-activity;sid:84509514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646420)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/nano_duso/image.jpg"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"frygzjyhtiunvhvnacif.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646420/; classtype:trojan-activity;sid:84509520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646403)"; flow:established,from_client; content:"GET"; http_method; content:"/storage/v1/object/public/hold/image.jpg|3f|12711343h"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"ihmmkvkaiwnilneauhfn.supabase.co"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646403/; classtype:trojan-activity;sid:84509503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3646408)"; flow:established,from_client; content:"GET"; http_method; content:"/files/jqqvlru0vaih3z.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"toolshare.com.tr"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_03; reference:url, urlhaus.abuse.ch/url/3646408/; classtype:trojan-activity;sid:84509508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645950)"; flow:established,from_client; content:"GET"; http_method; content:"/photo.scr"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.intelligradeeducation.vicentecisnerospub.com"; http_host; depth:48; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645950/; classtype:trojan-activity;sid:84509050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645889)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20pictures/neha%20imagecopy/info.zip"; http_uri; depth:159; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645889/; classtype:trojan-activity;sid:84508989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645874)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.185.26.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645874/; classtype:trojan-activity;sid:84508974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645854)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/wallpaper/info.zip"; http_uri; depth:138; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645854/; classtype:trojan-activity;sid:84508954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645847)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20music/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645847/; classtype:trojan-activity;sid:84508947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645832)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20scans/info.zip"; http_uri; depth:139; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645832/; classtype:trojan-activity;sid:84508932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645827)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/my%20received%20files/info.zip"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645827/; classtype:trojan-activity;sid:84508927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645760)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/various%20files/info.zip"; http_uri; depth:137; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645760/; classtype:trojan-activity;sid:84508860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645677)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/bhushan/info.zip"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645677/; classtype:trojan-activity;sid:84508777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645600)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/powershell/info.zip"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645600/; classtype:trojan-activity;sid:84508700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645516)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/deepak/my%20docs/info.zip"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645516/; classtype:trojan-activity;sid:84508616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645322)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/desktop/tai%20ping%20shan-phaethon-cp/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645322/; classtype:trojan-activity;sid:84508422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645234)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/cp%20transchart/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645234/; classtype:trojan-activity;sid:84508334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3645139)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/my%20documents/info.zip"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3645139/; classtype:trojan-activity;sid:84508239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644784)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/10-6-13/desktop/info.zip"; http_uri; depth:121; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644784/; classtype:trojan-activity;sid:84507884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3644339)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/info.zip"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3644339/; classtype:trojan-activity;sid:84507439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3643147)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/aryacorp%20delhi/anshul/anshul%20archieve/10.6.2013/jain%20sir%20data%20desktop/for%20xp%20sp2/info.zip"; http_uri; depth:120; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3643147/; classtype:trojan-activity;sid:84506247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642788)"; flow:established,from_client; content:"GET"; http_method; content:"/big/microsoft.sql.server.2012.enterprise.edition.with.service.pack.1-kopie/info.zip"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642788/; classtype:trojan-activity;sid:84505888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642779)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642779/; classtype:trojan-activity;sid:84505879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642775)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/info.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642775/; classtype:trojan-activity;sid:84505875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642717)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/inipaytest/info.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642717/; classtype:trojan-activity;sid:84505817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642700)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642700/; classtype:trojan-activity;sid:84505800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642692)"; flow:established,from_client; content:"GET"; http_method; content:"/microsoft/windows/info.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642692/; classtype:trojan-activity;sid:84505792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642677)"; flow:established,from_client; content:"GET"; http_method; content:"/incis/key/info.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642677/; classtype:trojan-activity;sid:84505777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642643)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/log/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642643/; classtype:trojan-activity;sid:84505743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642634)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/info.zip"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642634/; classtype:trojan-activity;sid:84505734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642522)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe/ammicafefile/ammicafesetup/info.zip"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642522/; classtype:trojan-activity;sid:84505622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642484)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/info.zip"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642484/; classtype:trojan-activity;sid:84505584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642438)"; flow:established,from_client; content:"GET"; http_method; content:"/info.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642438/; classtype:trojan-activity;sid:84505538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642422)"; flow:established,from_client; content:"GET"; http_method; content:"/02/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642422/; classtype:trojan-activity;sid:84505522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642417)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/info.zip"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642417/; classtype:trojan-activity;sid:84505517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642406)"; flow:established,from_client; content:"GET"; http_method; content:"/slnammicafe2/ammicafe2file/ammicafe2setup/info.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642406/; classtype:trojan-activity;sid:84505506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642382)"; flow:established,from_client; content:"GET"; http_method; content:"/big/html/info.zip"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642382/; classtype:trojan-activity;sid:84505482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642346)"; flow:established,from_client; content:"GET"; http_method; content:"/big/sql%20server%202014/info.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642346/; classtype:trojan-activity;sid:84505446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642349)"; flow:established,from_client; content:"GET"; http_method; content:"/images/info.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642349/; classtype:trojan-activity;sid:84505449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642324)"; flow:established,from_client; content:"GET"; http_method; content:"/01/info.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.184.128.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642324/; classtype:trojan-activity;sid:84505424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642297)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/uploads/info.zip"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"103.20.213.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642297/; classtype:trojan-activity;sid:84505397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642294)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/inipaytest/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642294/; classtype:trojan-activity;sid:84505394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642245)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642245/; classtype:trojan-activity;sid:84505345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642246)"; flow:established,from_client; content:"GET"; http_method; content:"/big/info.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642246/; classtype:trojan-activity;sid:84505346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3642226)"; flow:established,from_client; content:"GET"; http_method; content:"/inicis_dll/key/jungminsof/info.zip"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"222.239.87.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3642226/; classtype:trojan-activity;sid:84505326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3641834)"; flow:established,from_client; content:"GET"; http_method; content:"/images/art/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"5.149.184.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3641834/; classtype:trojan-activity;sid:84504934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3639311)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=15_5vja6ls72gnqbjqkrme1i7bmit0fe4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2025_10_02; reference:url, urlhaus.abuse.ch/url/3639311/; classtype:trojan-activity;sid:84502411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637210)"; flow:established,from_client; content:"GET"; http_method; content:"/images/bot.jpg"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"atasapka.com.tr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637210/; classtype:trojan-activity;sid:84500310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637189)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23082024105108/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637189/; classtype:trojan-activity;sid:84500289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637188)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26072024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637188/; classtype:trojan-activity;sid:84500288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637186)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19092024115007/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637186/; classtype:trojan-activity;sid:84500286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637187)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024081607/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637187/; classtype:trojan-activity;sid:84500287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637185)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12062024095414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637185/; classtype:trojan-activity;sid:84500285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637184)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27082024072850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637184/; classtype:trojan-activity;sid:84500284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637183)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12082024064105/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637183/; classtype:trojan-activity;sid:84500283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637182)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/16082024070308/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637182/; classtype:trojan-activity;sid:84500282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637181)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13092024072525/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637181/; classtype:trojan-activity;sid:84500281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637180)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23072024115252/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637180/; classtype:trojan-activity;sid:84500280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637179)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21072024112418/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637179/; classtype:trojan-activity;sid:84500279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637178)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16082024104510/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637178/; classtype:trojan-activity;sid:84500278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637177)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637177/; classtype:trojan-activity;sid:84500277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637176)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024104005/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637176/; classtype:trojan-activity;sid:84500276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637175)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8343/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637175/; classtype:trojan-activity;sid:84500275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637174)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15082024173844/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637174/; classtype:trojan-activity;sid:84500274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637173)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024180426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637173/; classtype:trojan-activity;sid:84500273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637172)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024101008/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637172/; classtype:trojan-activity;sid:84500272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637171)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13082024112350/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637171/; classtype:trojan-activity;sid:84500271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637170)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26072024074431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637170/; classtype:trojan-activity;sid:84500270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637168)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024171022/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637168/; classtype:trojan-activity;sid:84500268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637169)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11072024080039/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637169/; classtype:trojan-activity;sid:84500269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637167)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12092024113946/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637167/; classtype:trojan-activity;sid:84500267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637166)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115637/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637166/; classtype:trojan-activity;sid:84500266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637165)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024104931/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637165/; classtype:trojan-activity;sid:84500265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637164)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/12072024075828/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637164/; classtype:trojan-activity;sid:84500264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637163)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11092024115504/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637163/; classtype:trojan-activity;sid:84500263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637160)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637160/; classtype:trojan-activity;sid:84500260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637161)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024114132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637161/; classtype:trojan-activity;sid:84500261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637162)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8465/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637162/; classtype:trojan-activity;sid:84500262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637159)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/25062024073012/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637159/; classtype:trojan-activity;sid:84500259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637158)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024110431/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637158/; classtype:trojan-activity;sid:84500258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637157)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/30072024091401/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637157/; classtype:trojan-activity;sid:84500257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637153)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024124718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637153/; classtype:trojan-activity;sid:84500253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637154)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024185433/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637154/; classtype:trojan-activity;sid:84500254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637155)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09072024110245/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637155/; classtype:trojan-activity;sid:84500255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637149)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/09092024072321/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637149/; classtype:trojan-activity;sid:84500249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637150)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024180909/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637150/; classtype:trojan-activity;sid:84500250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637151)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/24092024073908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637151/; classtype:trojan-activity;sid:84500251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637147)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19062024071831/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637147/; classtype:trojan-activity;sid:84500247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637148)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21092024114951/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637148/; classtype:trojan-activity;sid:84500248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637145)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30062024113348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637145/; classtype:trojan-activity;sid:84500245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637146)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024113047/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637146/; classtype:trojan-activity;sid:84500246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637144)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04092024120154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637144/; classtype:trojan-activity;sid:84500244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637143)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01082024110241/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637143/; classtype:trojan-activity;sid:84500243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637141)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14072024110540/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637141/; classtype:trojan-activity;sid:84500241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637142)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024185045/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637142/; classtype:trojan-activity;sid:84500242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637138)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19062024103023/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637138/; classtype:trojan-activity;sid:84500238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637139)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06092024072348/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637139/; classtype:trojan-activity;sid:84500239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637140)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024070625/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637140/; classtype:trojan-activity;sid:84500240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637137)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18072024112759/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637137/; classtype:trojan-activity;sid:84500237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637136)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024155154/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637136/; classtype:trojan-activity;sid:84500236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637135)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024113426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637135/; classtype:trojan-activity;sid:84500235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637133)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024113602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637133/; classtype:trojan-activity;sid:84500233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637134)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024163408/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637134/; classtype:trojan-activity;sid:84500234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637130)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/10082024110351/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637130/; classtype:trojan-activity;sid:84500230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637131)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12092024181446/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637131/; classtype:trojan-activity;sid:84500231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637129)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024115142/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637129/; classtype:trojan-activity;sid:84500229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637128)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09092024091444/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637128/; classtype:trojan-activity;sid:84500228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637127)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23082024071038/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637127/; classtype:trojan-activity;sid:84500227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637122)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17062024181518/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637122/; classtype:trojan-activity;sid:84500222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637123)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024120940/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637123/; classtype:trojan-activity;sid:84500223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637124)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24072024112235/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637124/; classtype:trojan-activity;sid:84500224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637125)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17092024073614/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637125/; classtype:trojan-activity;sid:84500225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637120)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09082024122457/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637120/; classtype:trojan-activity;sid:84500220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637117)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/09092024112532/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637117/; classtype:trojan-activity;sid:84500217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637118)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24062024072602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637118/; classtype:trojan-activity;sid:84500218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637119)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12092024070406/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637119/; classtype:trojan-activity;sid:84500219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637115)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024143513/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637115/; classtype:trojan-activity;sid:84500215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637116)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/21082024081755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637116/; classtype:trojan-activity;sid:84500216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637114)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024120234/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637114/; classtype:trojan-activity;sid:84500214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637113)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024123916/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637113/; classtype:trojan-activity;sid:84500213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637110)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29082024122318/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637110/; classtype:trojan-activity;sid:84500210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637111)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/15072024080426/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637111/; classtype:trojan-activity;sid:84500211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637112)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22092024115602/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637112/; classtype:trojan-activity;sid:84500212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637109)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05082024125302/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637109/; classtype:trojan-activity;sid:84500209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637107)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024114842/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637107/; classtype:trojan-activity;sid:84500207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637108)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/16092024115114/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637108/; classtype:trojan-activity;sid:84500208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637105)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/31072024070936/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637105/; classtype:trojan-activity;sid:84500205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637106)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17092024104334/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637106/; classtype:trojan-activity;sid:84500206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637104)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024072447/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637104/; classtype:trojan-activity;sid:84500204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637103)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024065930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637103/; classtype:trojan-activity;sid:84500203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637101)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024133101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637101/; classtype:trojan-activity;sid:84500201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637099)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02082024083649/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637099/; classtype:trojan-activity;sid:84500199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637100)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024182036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637100/; classtype:trojan-activity;sid:84500200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637098)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/19072024071620/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637098/; classtype:trojan-activity;sid:84500198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637096)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8029/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637096/; classtype:trojan-activity;sid:84500196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637097)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25092024150814/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637097/; classtype:trojan-activity;sid:84500197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637092)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024102505/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637092/; classtype:trojan-activity;sid:84500192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637093)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024131015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637093/; classtype:trojan-activity;sid:84500193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637094)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024084956/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637094/; classtype:trojan-activity;sid:84500194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637090)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25062024105808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637090/; classtype:trojan-activity;sid:84500190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637091)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04092024072725/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637091/; classtype:trojan-activity;sid:84500191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637089)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20062024112748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637089/; classtype:trojan-activity;sid:84500189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637087)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17072024103622/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637087/; classtype:trojan-activity;sid:84500187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637088)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16082024121016/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637088/; classtype:trojan-activity;sid:84500188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637085)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24092024103551/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637085/; classtype:trojan-activity;sid:84500185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637086)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/15072024080017/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637086/; classtype:trojan-activity;sid:84500186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637082)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024081535/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637082/; classtype:trojan-activity;sid:84500182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637083)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26072024111342/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637083/; classtype:trojan-activity;sid:84500183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637084)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024125904/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637084/; classtype:trojan-activity;sid:84500184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637081)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/tek/info.zip"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637081/; classtype:trojan-activity;sid:84500181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637080)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/11092024075310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637080/; classtype:trojan-activity;sid:84500180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637076)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24072024121144/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637076/; classtype:trojan-activity;sid:84500176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637077)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/badmail/info.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637077/; classtype:trojan-activity;sid:84500177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637078)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/06082024080109/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637078/; classtype:trojan-activity;sid:84500178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637079)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/12072024072413/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637079/; classtype:trojan-activity;sid:84500179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637073)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024071151/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637073/; classtype:trojan-activity;sid:84500173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637074)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03092024073559/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637074/; classtype:trojan-activity;sid:84500174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637070)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/18072024083258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637070/; classtype:trojan-activity;sid:84500170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637069)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024084736/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637069/; classtype:trojan-activity;sid:84500169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637067)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08082024072046/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637067/; classtype:trojan-activity;sid:84500167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637068)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08072024110224/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637068/; classtype:trojan-activity;sid:84500168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637065)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02092024075924/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637065/; classtype:trojan-activity;sid:84500165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637064)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/30082024115734/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637064/; classtype:trojan-activity;sid:84500164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637062)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024075958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637062/; classtype:trojan-activity;sid:84500162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637063)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024173545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637063/; classtype:trojan-activity;sid:84500163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637060)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/06092024074954/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637060/; classtype:trojan-activity;sid:84500160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637056)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/24082024112958/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637056/; classtype:trojan-activity;sid:84500156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637057)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/04092024180827/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637057/; classtype:trojan-activity;sid:84500157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637058)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05092024073851/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637058/; classtype:trojan-activity;sid:84500158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637055)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/05092024175914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637055/; classtype:trojan-activity;sid:84500155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637054)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07082024181015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637054/; classtype:trojan-activity;sid:84500154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637053)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09082024151247/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637053/; classtype:trojan-activity;sid:84500153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637052)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024135901/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637052/; classtype:trojan-activity;sid:84500152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637050)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/04072024073930/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637050/; classtype:trojan-activity;sid:84500150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637051)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024111013/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637051/; classtype:trojan-activity;sid:84500151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637047)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28092024110908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637047/; classtype:trojan-activity;sid:84500147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637048)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/17062024124213/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637048/; classtype:trojan-activity;sid:84500148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637049)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024074659/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637049/; classtype:trojan-activity;sid:84500149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637046)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06082024071203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637046/; classtype:trojan-activity;sid:84500146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637044)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024163133/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637044/; classtype:trojan-activity;sid:84500144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637045)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/25092024084516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637045/; classtype:trojan-activity;sid:84500145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637042)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/01082024134811/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637042/; classtype:trojan-activity;sid:84500142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637037)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8336/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637037/; classtype:trojan-activity;sid:84500137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637038)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/26062024074615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637038/; classtype:trojan-activity;sid:84500138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637039)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/20072024103050/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637039/; classtype:trojan-activity;sid:84500139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637040)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02072024072748/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637040/; classtype:trojan-activity;sid:84500140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637041)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17092024073317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637041/; classtype:trojan-activity;sid:84500141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637036)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024124018/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637036/; classtype:trojan-activity;sid:84500136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637034)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/27092024120719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637034/; classtype:trojan-activity;sid:84500134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637032)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024115106/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637032/; classtype:trojan-activity;sid:84500132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637030)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02092024121943/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637030/; classtype:trojan-activity;sid:84500130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637029)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024173040/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637029/; classtype:trojan-activity;sid:84500129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637026)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17072024080628/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637026/; classtype:trojan-activity;sid:84500126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637027)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13082024144908/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637027/; classtype:trojan-activity;sid:84500127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637028)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/14092024112531/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637028/; classtype:trojan-activity;sid:84500128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637025)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024110733/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637025/; classtype:trojan-activity;sid:84500125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637024)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024161738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637024/; classtype:trojan-activity;sid:84500124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637021)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/25062024074726/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637021/; classtype:trojan-activity;sid:84500121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637022)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/02102024124124/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637022/; classtype:trojan-activity;sid:84500122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637023)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01082024124212/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637023/; classtype:trojan-activity;sid:84500123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637020)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/29072024170139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637020/; classtype:trojan-activity;sid:84500120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637015)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024090633/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637015/; classtype:trojan-activity;sid:84500115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637017)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024111719/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637017/; classtype:trojan-activity;sid:84500117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637019)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/13062024073315/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637019/; classtype:trojan-activity;sid:84500119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637011)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26092024073319/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637011/; classtype:trojan-activity;sid:84500111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637012)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/03072024075801/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637012/; classtype:trojan-activity;sid:84500112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637013)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13092024065731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637013/; classtype:trojan-activity;sid:84500113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637014)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024155414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637014/; classtype:trojan-activity;sid:84500114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637007)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29062024131718/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637007/; classtype:trojan-activity;sid:84500107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637008)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024163711/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637008/; classtype:trojan-activity;sid:84500108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637009)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27062024115812/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637009/; classtype:trojan-activity;sid:84500109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637010)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024113310/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637010/; classtype:trojan-activity;sid:84500110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637005)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/26082024175225/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637005/; classtype:trojan-activity;sid:84500105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637002)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06092024112226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637002/; classtype:trojan-activity;sid:84500102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637003)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/14062024181140/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637003/; classtype:trojan-activity;sid:84500103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637004)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15092024163914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637004/; classtype:trojan-activity;sid:84500104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636999)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/12082024111034/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636999/; classtype:trojan-activity;sid:84500099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637000)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/19062024111300/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637000/; classtype:trojan-activity;sid:84500100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3637001)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/02092024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3637001/; classtype:trojan-activity;sid:84500101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636997)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024120757/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636997/; classtype:trojan-activity;sid:84500097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636996)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/07082024074934/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636996/; classtype:trojan-activity;sid:84500096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636993)"; flow:established,from_client; content:"GET"; http_method; content:"/exeftp/drop/info.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636993/; classtype:trojan-activity;sid:84500093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636994)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024172104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636994/; classtype:trojan-activity;sid:84500094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636995)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024072015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636995/; classtype:trojan-activity;sid:84500095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636992)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18082024174028/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636992/; classtype:trojan-activity;sid:84500092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636991)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10072024072615/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636991/; classtype:trojan-activity;sid:84500091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636990)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03102024140347/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636990/; classtype:trojan-activity;sid:84500090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636987)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/29072024094428/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636987/; classtype:trojan-activity;sid:84500087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636988)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114220/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636988/; classtype:trojan-activity;sid:84500088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636986)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19072024081323/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636986/; classtype:trojan-activity;sid:84500086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636985)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/08082024072411/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636985/; classtype:trojan-activity;sid:84500085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636982)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024072722/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636982/; classtype:trojan-activity;sid:84500082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636978)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/17062024075813/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636978/; classtype:trojan-activity;sid:84500078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636979)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26072024071101/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636979/; classtype:trojan-activity;sid:84500079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636980)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/18092024104929/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636980/; classtype:trojan-activity;sid:84500080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636975)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8051/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636975/; classtype:trojan-activity;sid:84500075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636976)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024144032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636976/; classtype:trojan-activity;sid:84500076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636977)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26082024121258/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636977/; classtype:trojan-activity;sid:84500077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636967)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27082024111920/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636967/; classtype:trojan-activity;sid:84500067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636968)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024121015/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636968/; classtype:trojan-activity;sid:84500068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636969)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024175843/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636969/; classtype:trojan-activity;sid:84500069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636970)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/18062024121810/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636970/; classtype:trojan-activity;sid:84500070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636971)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12072024130606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636971/; classtype:trojan-activity;sid:84500071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636972)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024115815/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636972/; classtype:trojan-activity;sid:84500072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636973)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13092024164829/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636973/; classtype:trojan-activity;sid:84500073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636965)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02092024071944/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636965/; classtype:trojan-activity;sid:84500065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636966)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01092024103900/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636966/; classtype:trojan-activity;sid:84500066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636964)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/23072024130857/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636964/; classtype:trojan-activity;sid:84500064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636963)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/06092024071949/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636963/; classtype:trojan-activity;sid:84500063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636957)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024111134/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636957/; classtype:trojan-activity;sid:84500057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636958)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/12082024174415/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636958/; classtype:trojan-activity;sid:84500058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636959)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/02082024073257/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636959/; classtype:trojan-activity;sid:84500059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636960)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03092024120537/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636960/; classtype:trojan-activity;sid:84500060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636961)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/01072024102122/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636961/; classtype:trojan-activity;sid:84500061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636962)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27072024112004/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636962/; classtype:trojan-activity;sid:84500062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636956)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/09072024071533/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636956/; classtype:trojan-activity;sid:84500056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636955)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/22082024070804/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636955/; classtype:trojan-activity;sid:84500055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636954)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/21082024115442/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636954/; classtype:trojan-activity;sid:84500054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636953)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/info.zip"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636953/; classtype:trojan-activity;sid:84500053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636948)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/17072024080732/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636948/; classtype:trojan-activity;sid:84500048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636949)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/19082024080051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636949/; classtype:trojan-activity;sid:84500049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636950)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024111159/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636950/; classtype:trojan-activity;sid:84500050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636951)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115238/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636951/; classtype:trojan-activity;sid:84500051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636947)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/07082024070516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636947/; classtype:trojan-activity;sid:84500047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636946)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024175546/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636946/; classtype:trojan-activity;sid:84500046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636945)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25072024103203/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636945/; classtype:trojan-activity;sid:84500045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636942)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024165207/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636942/; classtype:trojan-activity;sid:84500042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636943)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11062024093514/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636943/; classtype:trojan-activity;sid:84500043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636944)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/06092024114755/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636944/; classtype:trojan-activity;sid:84500044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636940)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/27092024123259/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636940/; classtype:trojan-activity;sid:84500040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636937)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115545/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636937/; classtype:trojan-activity;sid:84500037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636936)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29072024104316/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636936/; classtype:trojan-activity;sid:84500036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636935)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/13072024115848/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636935/; classtype:trojan-activity;sid:84500035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636934)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/24072024071414/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636934/; classtype:trojan-activity;sid:84500034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636933)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16092024105926/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636933/; classtype:trojan-activity;sid:84500033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636932)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28082024174605/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636932/; classtype:trojan-activity;sid:84500032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636931)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024174233/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636931/; classtype:trojan-activity;sid:84500031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636927)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23072024081312/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636927/; classtype:trojan-activity;sid:84500027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636928)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/02102024072353/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636928/; classtype:trojan-activity;sid:84500028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636929)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024174750/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636929/; classtype:trojan-activity;sid:84500029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636930)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8325/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636930/; classtype:trojan-activity;sid:84500030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636925)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8336/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636925/; classtype:trojan-activity;sid:84500025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636926)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/19062024070824/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636926/; classtype:trojan-activity;sid:84500026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636920)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/22082024121329/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636920/; classtype:trojan-activity;sid:84500020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636921)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26062024155216/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636921/; classtype:trojan-activity;sid:84500021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636922)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/24092024120511/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636922/; classtype:trojan-activity;sid:84500022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636923)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16062024180613/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636923/; classtype:trojan-activity;sid:84500023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636919)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07072024165922/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636919/; classtype:trojan-activity;sid:84500019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636918)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024114239/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636918/; classtype:trojan-activity;sid:84500018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636917)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/20082024112036/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636917/; classtype:trojan-activity;sid:84500017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636916)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8318/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636916/; classtype:trojan-activity;sid:84500016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636913)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/31082024110606/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636913/; classtype:trojan-activity;sid:84500013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636914)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11062024112609/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636914/; classtype:trojan-activity;sid:84500014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636910)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/02072024115435/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636910/; classtype:trojan-activity;sid:84500010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636909)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07092024122439/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636909/; classtype:trojan-activity;sid:84500009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636906)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/14062024123830/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636906/; classtype:trojan-activity;sid:84500006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636908)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/17062024180043/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636908/; classtype:trojan-activity;sid:84500008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636905)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28072024115112/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636905/; classtype:trojan-activity;sid:84500005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636904)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21082024090731/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636904/; classtype:trojan-activity;sid:84500004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636902)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23092024113222/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636902/; classtype:trojan-activity;sid:84500002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636900)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/03072024113724/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636900/; classtype:trojan-activity;sid:84500000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636899)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/11092024134516/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636899/; classtype:trojan-activity;sid:84499999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636897)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8334/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636897/; classtype:trojan-activity;sid:84499997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636894)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08082024114317/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636894/; classtype:trojan-activity;sid:84499994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636895)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/18072024151745/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636895/; classtype:trojan-activity;sid:84499995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636893)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/19072024124237/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636893/; classtype:trojan-activity;sid:84499993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636892)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/29082024170717/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636892/; classtype:trojan-activity;sid:84499992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636883)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/08072024075903/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636883/; classtype:trojan-activity;sid:84499983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636884)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8325/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636884/; classtype:trojan-activity;sid:84499984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636885)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/15062024114520/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636885/; classtype:trojan-activity;sid:84499985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636886)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/13092024153227/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636886/; classtype:trojan-activity;sid:84499986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636887)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/14082024075957/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636887/; classtype:trojan-activity;sid:84499987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636888)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/26082024070716/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636888/; classtype:trojan-activity;sid:84499988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636890)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/21062024072959/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636890/; classtype:trojan-activity;sid:84499990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636882)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/cons/1/8325/13062024155232/info.zip"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636882/; classtype:trojan-activity;sid:84499982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636881)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024111126/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636881/; classtype:trojan-activity;sid:84499981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636880)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/04072024125301/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636880/; classtype:trojan-activity;sid:84499980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636876)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11082024113244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636876/; classtype:trojan-activity;sid:84499976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636877)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04092024091820/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636877/; classtype:trojan-activity;sid:84499977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636878)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024125032/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636878/; classtype:trojan-activity;sid:84499978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636872)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/30072024114118/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636872/; classtype:trojan-activity;sid:84499972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636873)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05082024083850/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636873/; classtype:trojan-activity;sid:84499973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636874)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/17062024072104/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636874/; classtype:trojan-activity;sid:84499974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636875)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024125710/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636875/; classtype:trojan-activity;sid:84499975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636871)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/03072024103601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636871/; classtype:trojan-activity;sid:84499971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636869)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/12082024120632/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636869/; classtype:trojan-activity;sid:84499969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636863)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636863/; classtype:trojan-activity;sid:84499963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636864)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/11072024071932/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636864/; classtype:trojan-activity;sid:84499964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636865)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/11072024143228/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636865/; classtype:trojan-activity;sid:84499965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636866)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/27092024124432/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636866/; classtype:trojan-activity;sid:84499966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636867)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/23082024175244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636867/; classtype:trojan-activity;sid:84499967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636868)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13062024070655/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636868/; classtype:trojan-activity;sid:84499968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636862)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/14062024072833/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636862/; classtype:trojan-activity;sid:84499962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636859)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/25092024120601/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636859/; classtype:trojan-activity;sid:84499959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636860)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/08092024115123/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636860/; classtype:trojan-activity;sid:84499960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636855)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05072024071033/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636855/; classtype:trojan-activity;sid:84499955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636856)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/04102024094250/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636856/; classtype:trojan-activity;sid:84499956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636857)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01082024101244/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636857/; classtype:trojan-activity;sid:84499957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636850)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/03072024091538/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636850/; classtype:trojan-activity;sid:84499950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636851)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/05082024114357/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636851/; classtype:trojan-activity;sid:84499951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636852)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/10092024070313/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636852/; classtype:trojan-activity;sid:84499952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636853)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/23092024123854/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636853/; classtype:trojan-activity;sid:84499953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636854)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/22082024112941/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636854/; classtype:trojan-activity;sid:84499954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636849)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/08072024113918/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636849/; classtype:trojan-activity;sid:84499949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636847)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8326/info.zip"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636847/; classtype:trojan-activity;sid:84499947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636843)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11072024110808/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636843/; classtype:trojan-activity;sid:84499943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636845)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/06072024112721/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636845/; classtype:trojan-activity;sid:84499945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636846)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/extcons/1/8326/info.zip"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636846/; classtype:trojan-activity;sid:84499946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636839)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/15072024151521/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636839/; classtype:trojan-activity;sid:84499939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636840)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/16072024120102/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636840/; classtype:trojan-activity;sid:84499940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636842)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/07102024115226/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636842/; classtype:trojan-activity;sid:84499942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636836)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/08072024070547/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636836/; classtype:trojan-activity;sid:84499936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636837)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/26092024103307/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636837/; classtype:trojan-activity;sid:84499937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636835)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/22072024134639/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636835/; classtype:trojan-activity;sid:84499935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636833)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/29072024120914/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636833/; classtype:trojan-activity;sid:84499933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636834)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/11092024104834/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636834/; classtype:trojan-activity;sid:84499934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636826)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/01072024095738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636826/; classtype:trojan-activity;sid:84499926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636827)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/10072024073020/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636827/; classtype:trojan-activity;sid:84499927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636828)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/13082024065051/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636828/; classtype:trojan-activity;sid:84499928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636829)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/23092024074730/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636829/; classtype:trojan-activity;sid:84499929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636830)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/05092024071139/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636830/; classtype:trojan-activity;sid:84499930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636831)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8050/05072024143423/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636831/; classtype:trojan-activity;sid:84499931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636832)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8051/01072024073548/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636832/; classtype:trojan-activity;sid:84499932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636825)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/6011/16092024075132/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636825/; classtype:trojan-activity;sid:84499925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636824)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8029/28062024112249/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636824/; classtype:trojan-activity;sid:84499924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (3636823)"; flow:established,from_client; content:"GET"; http_method; content:"/tmpftp/delcacheprodutoseg/1/8059/18072024080738/info.zip"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"200.14.250.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2025_10_01; reference:url, urlhaus.abuse.ch/url/3636823/; classtype:trojan-act